ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 149 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 149
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company's AWS account. A solutions architect must provide the auditors with secure, read-only access to the company's AWS account. The solution must comply with AWS security best practices.

Which solution will meet these requirements?

  • A. In the company's AWS account, create resource policies for all resources in the account to grant access to the auditors' AWS account. Assign a unique external ID to the resource policy.
  • B. In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy.
  • C. In the company's AWS account, create an IAM user. Attach the required IAM policies to the IAM user. Create API access keys for the IAM user. Share the access keys with the auditors.
  • D. In the company's AWS account, create an IAM group that has the required permissions. Create an IAM user in the company's account for each auditor. Add the IAM users to the IAM group.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by zhangyu20000 at Jan. 16, 2023, 4:20 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tatdatpham
Highly Voted 1 year, 10 months ago
Selected Answer: B
Option B is the best solution. This solution creates an IAM role that trusts the auditors' AWS account and attaches the required IAM policies to the role. This ensures that the auditors have read-only access to the company's AWS account while ensuring that the company's AWS account is secure and complies with AWS security best practices. Additionally, the unique external ID assigned to the role's trust policy adds an extra layer of security.
upvoted 7 times
...
duriselvan
Most Recent 10 months, 1 week ago
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
upvoted 1 times
...
duriselvan
10 months, 1 week ago
To create an IAM role that trusts the auditors' AWS account, you can do the following: Sign in to the AWS Management Console and open the IAM console. In the navigation pane, choose Roles, and then choose Create role. Choose the Custom trust policy role type. In the Custom trust policy section, enter or paste the following trust policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<auditor-account-id>:root" }, "Action": "sts:AssumeRole" } ] }
upvoted 1 times
...
career360guru
1 year ago
Selected Answer: B
Option B
upvoted 1 times
...
dkcloudguru
1 year, 3 months ago
B is correct
upvoted 1 times
...
NikkyDicky
1 year, 5 months ago
Selected Answer: B
its a b
upvoted 1 times
...
mfsec
1 year, 9 months ago
Selected Answer: B
In the company's AWS account, create an IAM role that trusts the auditors' AWS account.
upvoted 3 times
...
zozza2023
1 year, 11 months ago
Selected Answer: B
B seems to be the right answer
upvoted 3 times
...
masetromain
1 year, 11 months ago
Selected Answer: B
The correct answer is B. In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy. This solution meets the requirement of providing the external auditors with secure, read-only access to the company's AWS account while also complying with AWS security best practices. In this solution, an IAM role is created that trusts the auditors' AWS account and has an IAM policy with the required permissions attached to it. The role's trust policy should include a unique external ID for added security. This allows the external auditors to assume the role and access the resources with the permissions specified in the policy, without the need to share access keys or create individual IAM users for each auditor.
upvoted 3 times
masetromain
1 year, 11 months ago
Option A is incorrect because it grants access to all resources in the company's AWS account and does not provide a way to restrict the permissions that the external auditors have. Option C is incorrect because it creates an IAM user in the company's account and shares the API access keys with the external auditors, which is not secure and does not comply with AWS security best practices. Option D is incorrect because it creates an IAM user in the company's account for each auditor, which would be tedious and difficult to manage for the company. It would be more secure and efficient to use an IAM role that trusts the auditors' AWS account instead of creating individual users for each auditor.
upvoted 2 times
...
...
zhangyu20000
1 year, 11 months ago
B is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel