ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 555 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 555
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)

  • A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
  • B. Set up an Amazon Cognito identity pool. Configure AWS Single Sign-On to accept Amazon Cognito authentication.
  • C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS Single Sign-On to AWS Directory Service.
  • D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.
  • E. Set up AWS Single Sign-On (AWS SSO) in the organization. Configure AWS SSO, and integrate it with the company's corporate directory service.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by BlassArun at Dec. 29, 2021, 5:33 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
azure_kai
Highly Voted 3 years, 6 months ago
Selected Answer: AE
Ans: A & E https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html
upvoted 20 times
...
BECAUSE
Most Recent 2 years, 1 month ago
Selected Answer: AE
A and E are the answers
upvoted 1 times
...
PRASAD180
2 years, 2 months ago
AE is crt
upvoted 1 times
...
Root_Access
2 years, 10 months ago
Selected Answer: AE
BCD are wrong: you need to use company's directory services (federate or SSO)
upvoted 1 times
...
queen101
2 years, 11 months ago
AAAAAAAAAEEEEEEEEEE
upvoted 1 times
...
marklovesaws143
2 years, 11 months ago
Selected Answer: AE
AEAEAEAEAE
upvoted 1 times
...
hema13
2 years, 12 months ago
AE https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
upvoted 1 times
...
rath2022
3 years ago
Selected Answer: AC
Requirement: [1]generate a large number of new AWS accounts for its business divisions. [2] must use a single corporate directory service to authenticate access to these AWS accounts. A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization. -- Needed for Requirement [1] B. Set up an Amazon Cognito identity pool. Configure AWS Single Sign-On to accept Amazon Cognito authentication. C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS Single Sign-On to AWS Directory Service. -- Needed for Requirement [2] D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.-- doesn't fulfil req[1] E. Set up AWS Single Sign-On (AWS SSO) in the organization. Configure AWS SSO, and integrate it with the company's corporate directory service. -- Can't fulfil requirement [2] as a admin of a sub-OU can still authenticate bypassing SSO
upvoted 2 times
...
timcheuk
3 years, 3 months ago
Selected Answer: CD
SCP + Single Sign-On to AWS Directory Service Then configure organization to use AWS Directory Service
upvoted 3 times
rajansm7
3 years, 2 months ago
Here, the users are coming from a Corporate Active Directory and not the IAM Users, so SCP will not work on these accounts. So SCP option is ruled out!
upvoted 3 times
jiaminjiamin
2 years, 11 months ago
but I do think scp here is not relevant. SCP is more for a central place to set limits for all accounts.
upvoted 1 times
...
jiaminjiamin
2 years, 11 months ago
The users are indeed aws acccounts, created in steps described in A A reads "Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization."
upvoted 1 times
...
...
...
DianaRP
3 years, 5 months ago
A E https://aws.amazon.com/organizations/
upvoted 2 times
...
FF11
3 years, 5 months ago
Selected Answer: DE
https://docs.aws.amazon.com/singlesignon/latest/userguide/connectonpremad.html
upvoted 1 times
petervu
3 years, 5 months ago
D does not "generate a large number of new AWS accounts for its business divisions". Correct answers should be A and E.
upvoted 2 times
Kuro091
3 years ago
You can do that in Single Sign On (SSO). E set up the AWS -----> corporate connection. Now we need D to set up the corporate <-------- AWS connection.
upvoted 1 times
...
...
...
FF11
3 years, 5 months ago
Selected Answer: DE
D&E are most appropriate. https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-directory-service.html https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html
upvoted 2 times
...
adsdadasdad
3 years, 5 months ago
its A and E
upvoted 2 times
...
Vcskgp
3 years, 5 months ago
A,C seems like.
upvoted 2 times
...
kevinsnow
3 years, 6 months ago
B is wrong. https://aws.amazon.com/single-sign-on/faqs/ Amazon Cognito is a service that helps you manage identities for your customer facing applications; it is not a supported identity source in AWS SSO. You can create and manage your workforce identities in AWS SSO or in your external identity source including Microsoft Active Directory, Okta Universal Directory, Azure Active Directory (Azure AD), or another supported IdP.
upvoted 3 times
...
sammy088
3 years, 6 months ago
Selected Answer: CD
this is the correct 1
upvoted 2 times
...
BlassArun
3 years, 6 months ago
Ans is BC
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel