ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 538 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 538
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company wants to enforce strict security guidelines on accessing AWS Cloud resources as the company migrates production workloads from its data centers.
Company management wants all users to receive permissions according to their job roles and functions.
Which solution meets these requirements with the LEAST operational overhead?

  • A. Create an AWS Single Sign-On deployment. Connect to the on-premises Active Directory to centrally manage users and permissions across the company.
  • B. Create an IAM role for each job function. Require each employee to call the sts:AssumeRole action in the AWS Management Console to perform their job role.
  • C. Create individual IAM user accounts for each employee. Create an IAM policy for each job function, and attach the policy to all IAM users based on their job role.
  • D. Create individual IAM user accounts for each employee. Create IAM policies for each job function. Create IAM groups, and attach associated policies to each group. Assign the IAM users to a group based on their job role.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Subhankar89 at Dec. 15, 2021, 5:31 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Subhankar89
Highly Voted 3 years, 5 months ago
Answer is A
upvoted 13 times
Alcpt
3 years, 4 months ago
Having originated from on-prem AD, extending AD into the cloud would be easiest / centralization with least effort?
upvoted 1 times
osel
3 years, 3 months ago
Can provision users and groups from an external identity provider (eg On-Prem AD) into AWS SSO and manage access permissions in the AWS SSO console. If you choose to manage your users in AWS SSO, you can quickly create users and then easily organize them into groups, all within the SSO console. AWS SSO is integrated with MS AD through the AWS Directory Service. That means your employees can sign in to your AWS SSO user portal using their corporate Active Directory credentials. To grant Active Directory users access to AWS Accounts & Apps, you simply add the appropriate Active Directory groups to the resources. AWS SSO records all sign-in activity in AWS CloudTrail.
upvoted 2 times
...
...
...
Rob_q
Highly Voted 3 years, 4 months ago
Selected Answer: D
Ans=D It does not mention AD, and the answer contains the suggested procedure as mentioned in ACG practice exam.
upvoted 12 times
...
BECAUSE
Most Recent 1 year, 11 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
cloudfever
2 years, 8 months ago
Selected Answer: D
Answer is D
upvoted 1 times
...
sanathsh
2 years, 8 months ago
I will go with D, where is mentioned that the company has AD on premises?
upvoted 1 times
...
Moathov
2 years, 9 months ago
Selected Answer: A
Least operational overhead ... Answer is A
upvoted 1 times
...
Moathov
2 years, 9 months ago
Selected Answer: A
AAAAAAAAAAAAAAAAAAA
upvoted 1 times
...
cloud_collector
2 years, 9 months ago
"Create ... for each employee. Create ... for each job function." = LEAST amount of operational overhead ?
upvoted 1 times
...
bora4motion
2 years, 10 months ago
Selected Answer: A
"The company's management desires that all users obtain rights according with their employment titles and responsibilities." this suggests something is already in place. I would go with A.
upvoted 3 times
...
bobby_kl
2 years, 12 months ago
Selected Answer: A
Least effort
upvoted 2 times
...
esinan
3 years ago
Selected Answer: A
The easiest way is using AD.
upvoted 3 times
...
yongj2010
3 years ago
LEAST amount of operational overhead Ans is A for sure.
upvoted 1 times
...
Karthikeyan_nick
3 years, 1 month ago
Option A: Make sense B, C and D are not LEAST amount of operational overhead
upvoted 1 times
...
klapek
3 years, 1 month ago
Let's say corporation hire 10,000 people. I don't think it's easiest to create every user separately. I go with A
upvoted 2 times
...
fsanaja1
3 years, 1 month ago
Selected Answer: A
A is with less operation
upvoted 3 times
...
25dec_
3 years, 4 months ago
I think the answer should be A B & C can't be what if they have 1000 employees, and you have to create 1000 IAM users ???
upvoted 2 times
...
FF11
3 years, 4 months ago
D is correct answer
upvoted 2 times
osel
3 years, 3 months ago
D using IAM Groups has less ops overhead for future maintenance than C using only IAM Users.
upvoted 1 times
adsdadasdad
3 years, 3 months ago
So manually creating Iam users with their access is the easiest? Tedious task and would be better with AD and then just review and change the roles as needed
upvoted 1 times
crazyprags
3 years, 2 months ago
We usually don't prefer to use IAM users directly as it is risky.
upvoted 1 times
...
...
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago