Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 29 discussion

A company has an organization in AWS Organizations. The organization includes workload accounts that contain enterprise applications. The company centrally manages users from an operations account. No users can be created in the workload accounts. The company recently added an operations team and must provide the operations team members with administrator access to each workload account.
Which combination of actions will provide this access? (Choose three.)

  • A. Create a SysAdmin role in the operations account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the workload accounts.
  • B. Create a SysAdmin role in each workload account. Attach the AdministratorAccess policy to the role. Modify the trust relationship to allow the sts:AssumeRole action from the operations account.
  • C. Create an Amazon Cognito identity pool in the operations account. Attach the SysAdmin role as an authenticated role.
  • D. In the operations account, create an IAM user for each operations team member.
  • E. In the operations account, create an IAM user group that is named SysAdmins. Add an IAM policy that allows the sts:AssumeRole action for the SysAdmin role in each workload account. Add all operations team members to the group.
  • F. Create an Amazon Cognito user pool in the operations account. Create an Amazon Cognito user for each operations team member.
Suggested Answer: BDE
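
The two policy documents that options B and E describe, built and checked in Python as an added example that is not part of the original page. The account IDs are constructed placeholders, and `can_assume` is a simplified stand-in for IAM policy evaluation, not the real engine.

```python
import json

ROLE_NAME = "SysAdmin"            # role name used in the question
OPS_ACCOUNT = "111111111111"      # constructed placeholder account IDs
WORKLOAD_ACCOUNTS = ["222222222222", "333333333333"]

def root_arn(account):
    return f"arn:aws:iam::{account}:root"

def role_arn(account):
    return f"arn:aws:iam::{account}:role/{ROLE_NAME}"

def workload_trust_policy(trusted_account):
    """Option B: trust policy on the SysAdmin role in a workload account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": root_arn(trusted_account)},
        "Action": "sts:AssumeRole"}]}

def ops_group_policy(workload_accounts):
    """Option E: identity policy attached to the SysAdmins group."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": [role_arn(a) for a in workload_accounts]}]}

def can_assume(caller_account, group_policy, target_account, trust_policy):
    """Simplified model: cross-account AssumeRole needs an Allow on both sides."""
    identity_ok = any(
        s["Effect"] == "Allow" and s["Action"] == "sts:AssumeRole"
        and role_arn(target_account) in s["Resource"]
        for s in group_policy["Statement"])
    trust_ok = any(
        s["Effect"] == "Allow" and s["Action"] == "sts:AssumeRole"
        and s["Principal"]["AWS"] == root_arn(caller_account)
        for s in trust_policy["Statement"])
    return identity_ok and trust_ok

if __name__ == "__main__":
    group = ops_group_policy(WORKLOAD_ACCOUNTS)
    trust = workload_trust_policy(OPS_ACCOUNT)
    print(json.dumps(trust, indent=2))
    print(json.dumps(group, indent=2))
    for acct in WORKLOAD_ACCOUNTS:
        print(acct, can_assume(OPS_ACCOUNT, group, acct, trust))
```

A trust policy that names a workload account as the principal, which is the direction option A describes, fails the same check for an operations-account caller.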

Comments

habros
Highly Voted 1 year, 9 months ago
Selected Answer: BDE
Anything Cognito, safe to remove (it is only used for application identity management).
Step 1: Create each role in each workload account. Set trust relationship to only sts:AssumeRole via the operations user in operations account.
Step 2: Self-explanatory: whatever permission you need once the user assumed the role.
Step 3: Voila
upvoted 7 times
...
Srikantha
Most Recent 2 weeks, 6 days ago
Selected Answer: ABE
ChatGPT Explanation
upvoted 1 times
...
jamesf
8 months, 4 weeks ago
Selected Answer: BDE
BDE
Not A - Create SysAdmin role for workload accounts.
Not C, F - No Cognito required.
upvoted 1 times
...
HarryLy
10 months, 2 weeks ago
Selected Answer: BDE
Operation account:
- Need to create a role to assume role in workload account --> E
- Create a group of users that can perform assume role --> D
Workload account:
- Need to create a role with admin permission for the operation account to assume --> B
upvoted 1 times
...
c3518fc
1 year ago
Selected Answer: BEF
Not sure why everyone is saying BDE. Why would you create an IAM user for each member and also create for the group? Make it make sense
upvoted 2 times
...
4555894
1 year, 1 month ago
Selected Answer: BDE
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
upvoted 1 times
...
Vitalydt
1 year, 1 month ago
Selected Answer: BDE
EBD looks like the best choice
upvoted 1 times
...
dzn
1 year, 2 months ago
Selected Answer: BDE
sts:AssumeRole is one of the AWS Security Token Service (STS) actions used to obtain temporary security credentials and assume the role of another AWS account.
upvoted 1 times
...
thanhnv142
1 year, 2 months ago
BDE: No Cognito here.
- Step 1: create role in workload accounts
- Step 2: create IAM user for each member
- Step 3: move all members to the group that has permission to assume the role in step 1
upvoted 3 times
...
madperro
1 year, 10 months ago
Selected Answer: BDE
BDE seems to be right.
upvoted 2 times
...
rdoty
1 year, 10 months ago
Selected Answer: BDE
def BDE cause role must be created in workload accounts and assumed by the operations account
upvoted 1 times
...
bcx
1 year, 10 months ago
Selected Answer: BDE
Correct: BDE
Cognito has nothing to do with this, so C and F are wrong. The roles must be created in the workload accounts and assumed from the operations account. So A is wrong.
upvoted 1 times
...
ParagSanyashiv
1 year, 11 months ago
Selected Answer: BDE
BDE seems the correct strategy
upvoted 3 times
...
5aga
1 year, 11 months ago
Why do we need option A when question is asking access to workload account?
upvoted 1 times
...
alce2020
2 years ago
A,B,E it is
upvoted 1 times
...
ele
2 years ago
Selected Answer: BDE
BDE is right answer, nothing to do with cognito
upvoted 2 times
...
jqso234
2 years ago
Selected Answer: ABE
Options C, D, and F are incorrect because they do not provide a way for the operations team members to assume a role in the workload accounts, which is necessary to access the resources in those accounts.
upvoted 1 times
vvndx
1 year, 11 months ago
Should be BDE, Why the need to create two roles?
upvoted 1 times
...
...