Exam AWS Certified Security - Specialty topic 1 question 283 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 283
Topic #: 1

A large company has hundreds of AWS accounts. The company needs to provide its employees with access to these accounts. The solution must maximize scalability and operational efficiency.
Which solution meets these requirements?

  • A. With each AWS account, create dedicated IAM users that employees can assume through federation based upon group membership in their existing identity provider.
  • B. Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Create a custom authorizer by using AWS SDK to give federated users the ability to assume their target role in the resource accounts.
  • C. Implement AWS Control Tower for multi-account management by integrating AWS Single Sign-On with the company's existing identity provider. Create IAM roles for the identity provider to assume.
  • D. Configure the IAM trust policies within each account's role to set up a trust back to the company's existing identity provider. Allow users to assume the role based on their SAML token.
Suggested Answer: C

Comments

dumma
Highly Voted 3 years, 8 months ago
C is correct as Control Tower is used for multi-account
upvoted 15 times
1awssec
3 years, 7 months ago
https://aws.amazon.com/controltower/?control-blogs.sort-by=item.additionalFields.createdDate&control-blogs.sort-order=desc
upvoted 2 times
...
...
Raphaello
Most Recent 1 year, 3 months ago
Selected Answer: C
Using Control Tower and AWS SSO (Identity Center) with the company's IdP is the correct solution. C is the correct answer.
upvoted 1 times
...
Toptip
2 years ago
Selected Answer: C
C can't be anything else
upvoted 1 times
...
ITGURU51
2 years, 1 month ago
This solution allows the company to use AWS Control Tower to centrally manage access to multiple AWS accounts. By integrating AWS Single Sign-On with the company’s existing identity provider, employees can use their existing credentials to sign in to AWS. IAM roles can then be created for the identity provider to assume, allowing employees to access the necessary AWS accounts. C
upvoted 1 times
...
Smartphone
2 years, 4 months ago
C seems to be the right answer. https://aws.amazon.com/blogs/architecture/field-notes-enroll-existing-aws-accounts-into-aws-control-tower/
upvoted 1 times
...
must_be_rohit
2 years, 5 months ago
Selected Answer: B
B seems to be the right answer. The question says there are multiple AWS accounts, but organization is not mentioned anywhere, so we cannot have Control Tower until ORG is enabled.
upvoted 1 times
...
D2
2 years, 6 months ago
Answer C
upvoted 1 times
...
sapien45
2 years, 9 months ago
Selected Answer: C
We implemented it with AzureAD, works like a charm
upvoted 1 times
...
dcasabona
2 years, 10 months ago
Selected Answer: C
Option C as well...
upvoted 1 times
...
Kaloda
2 years, 10 months ago
"Create IAM roles for the identity provider to assume." Roles are assumed by user(s), application(s), service(s), not by the identity provider.
upvoted 1 times
...
xaocho
2 years, 11 months ago
Selected Answer: C
just C
upvoted 1 times
...
ngngngng1999
3 years ago
Selected Answer: C
C is correct
upvoted 1 times
...
treeli
3 years, 1 month ago
Selected Answer: C
I do not think the SDK can handle AWS login
upvoted 1 times
...
slymenk
3 years, 1 month ago
Selected Answer: C
https://aws.amazon.com/controltower/?control-blogs.sort-by=item.additionalFields.createdDate&control-blogs.sort-order=desc
upvoted 1 times
...
RaySmith
3 years, 3 months ago
C is correct.
upvoted 1 times
...
Radhaghosh
3 years, 4 months ago
C is correct. AWS Control Tower is the way
upvoted 1 times
...
YouYouYou
3 years, 4 months ago
C is the best answer, not just for single sign-on but also for managing multiple accounts with scalability and efficiency in mind.
upvoted 1 times
...