Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 149 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02

Question #: 149
Topic #: 1

[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company's AWS account. A solutions architect must provide the auditors with secure, read-only access to the company's AWS account. The solution must comply with AWS security best practices.

Which solution will meet these requirements?

A. In the company's AWS account, create resource policies for all resources in the account to grant access to the auditors' AWS account. Assign a unique external ID to the resource policy.
B. In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy.
C. In the company's AWS account, create an IAM user. Attach the required IAM policies to the IAM user. Create API access keys for the IAM user. Share the access keys with the auditors.
D. In the company's AWS account, create an IAM group that has the required permissions. Create an IAM user in the company's account for each auditor. Add the IAM users to the IAM group.

Show Suggested Answer

Suggested Answer: B 🗳️

by zhangyu20000 at Jan. 16, 2023, 4:20 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

tatdatpham

Highly Voted 2 years ago

Selected Answer: B

Option B is the best solution. This solution creates an IAM role that trusts the auditors' AWS account and attaches the required IAM policies to the role. This ensures that the auditors have read-only access to the company's AWS account while ensuring that the company's AWS account is secure and complies with AWS security best practices. Additionally, the unique external ID assigned to the role's trust policy adds an extra layer of security.

upvoted 7 times

...

princajen

Most Recent 1 week, 2 days ago

Selected Answer: B

When granting external parties access to your AWS account, use cross-account IAM roles with a trust policy for their AWS account and an external ID to prevent the confused deputy problem. Attach least-privilege permissions (e.g., ReadOnlyAccess). This avoids sharing permanent credentials and aligns with AWS security best practices.

upvoted 1 times

...

duriselvan

12 months ago

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html

upvoted 1 times

...

duriselvan

12 months ago

To create an IAM role that trusts the auditors' AWS account, you can do the following: Sign in to the AWS Management Console and open the IAM console. In the navigation pane, choose Roles, and then choose Create role. Choose the Custom trust policy role type. In the Custom trust policy section, enter or paste the following trust policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<auditor-account-id>:root" }, "Action": "sts:AssumeRole" } ] }

upvoted 1 times

...

career360guru

1 year, 1 month ago

Selected Answer: B

Option B

upvoted 1 times

...

dkcloudguru

1 year, 5 months ago

B is correct

upvoted 1 times

...

NikkyDicky

1 year, 7 months ago

Selected Answer: B

its a b

upvoted 1 times

...

mfsec

1 year, 10 months ago

Selected Answer: B

In the company's AWS account, create an IAM role that trusts the auditors' AWS account.

upvoted 3 times

...

zozza2023

2 years ago

Selected Answer: B

B seems to be the right answer

upvoted 3 times

...

masetromain

2 years, 1 month ago

Selected Answer: B

The correct answer is B. In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy. This solution meets the requirement of providing the external auditors with secure, read-only access to the company's AWS account while also complying with AWS security best practices. In this solution, an IAM role is created that trusts the auditors' AWS account and has an IAM policy with the required permissions attached to it. The role's trust policy should include a unique external ID for added security. This allows the external auditors to assume the role and access the resources with the permissions specified in the policy, without the need to share access keys or create individual IAM users for each auditor.

upvoted 3 times

masetromain

2 years, 1 month ago

Option A is incorrect because it grants access to all resources in the company's AWS account and does not provide a way to restrict the permissions that the external auditors have. Option C is incorrect because it creates an IAM user in the company's account and shares the API access keys with the external auditors, which is not secure and does not comply with AWS security best practices. Option D is incorrect because it creates an IAM user in the company's account for each auditor, which would be tedious and difficult to manage for the company. It would be more secure and efficient to use an IAM role that trusts the auditors' AWS account instead of creating individual users for each auditor.

upvoted 2 times

...

zhangyu20000

2 years, 1 month ago

B is correct

upvoted 2 times

...