Exam AWS Certified SysOps Administrator - Associate topic 1 question 179 discussion

An organization with a large IT department has decided to migrate to AWS. With different job functions in the IT department, it is not desirable to give all users access to all AWS resources. Currently the organization handles access via LDAP group membership.

What is the BEST method to allow access using current LDAP credentials?

  • A. Create an AWS Directory Service Simple AD. Replicate the on-premises LDAP directory to Simple AD.
  • B. Create a Lambda function to read LDAP groups and automate the creation of IAM users.
  • C. Use AWS CloudFormation to create IAM roles. Deploy Direct Connect to allow access to the on-premises LDAP server.
  • D. Federate the LDAP directory with IAM using SAML. Create different IAM roles to correspond to different LDAP groups to limit permissions.
Suggested Answer: D

Comments

tyfta6
Highly Voted 2 years ago
Selected Answer: D
Vote for D
upvoted 5 times
...
johnson_chao
Most Recent 8 months, 3 weeks ago
Selected Answer: D
Answer is D. Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
upvoted 2 times
...
r2c3po
11 months, 3 weeks ago
Selected Answer: D
Option D is the correct choice: D. Federate the LDAP directory with IAM using SAML: By federating with IAM using SAML, you enable single sign-on (SSO) and allow users to authenticate using their existing LDAP credentials. This eliminates the need to manage separate IAM user accounts and passwords for AWS access. Different IAM roles can be created to correspond to different LDAP groups, and users can assume these roles to gain access to AWS resources. This helps in limiting permissions based on the LDAP group membership.
upvoted 2 times
...
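The group-to-role mapping behind option D, as an added example that is not part of the original discussion: a user's LDAP group memberships become values of the SAML `Role` attribute, and each role trusts only the SAML provider. The account ID, provider name, group DNs and role names are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
ACCOUNT_ID = "111122223333"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/CorpLDAP"
# Attribute name and audience AWS expects in a SAML assertion for console sign-in.
ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Hypothetical LDAP group DN -> IAM role name; one role per job function.
GROUP_TO_ROLE = {
    "cn=dba,ou=groups,dc=example,dc=com": "DatabaseAdmin",
    "cn=netops,ou=groups,dc=example,dc=com": "NetworkOps",
    "cn=helpdesk,ou=groups,dc=example,dc=com": "ReadOnlySupport",
}

def trust_policy():
    """Trust policy for every federated role: only the SAML provider may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }

def role_attribute_values(member_of):
    """Map a user's LDAP groups to 'role_arn,provider_arn' attribute values.

    DNs are compared case-insensitively; unmapped groups yield no role,
    so a user with no mapped group receives an empty list (no AWS access).
    """
    mapping = {dn.lower(): role for dn, role in GROUP_TO_ROLE.items()}
    values = []
    for dn in member_of:
        role = mapping.get(dn.strip().lower())
        if role is None:
            continue  # group has no AWS meaning: grant nothing
        value = f"arn:aws:iam::{ACCOUNT_ID}:role/{role},{PROVIDER_ARN}"
        if value not in values:
            values.append(value)
    return values

if __name__ == "__main__":
    user_groups = ["CN=DBA,OU=Groups,DC=example,DC=com", "cn=staff,dc=example,dc=com"]
    print(json.dumps({ROLE_ATTRIBUTE: role_attribute_values(user_groups)}, indent=2))
    print(json.dumps(trust_policy(), indent=2))
```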
alexiscloud
1 year, 1 month ago
Uses existing LDAP credentials. Allows role mapping by LDAP group. Fulfills access requirements by creating granular IAM roles mapped to LDAP groups. Ans: D
upvoted 2 times
...
grka25
2 years ago
Answer is D
upvoted 4 times
...