Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 476 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 476
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS. The solutions architect has decided to create IAM groups. The solutions architect will add the new users to IAM groups based on department.

Which additional action is the MOST secure way to grant permissions to the new users?

  • A. Apply service control policies (SCPs) to manage access permissions
  • B. Create IAM roles that have least privilege permission. Attach the roles to the IAM groups
  • C. Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups
  • D. Create IAM roles. Associate the roles with a permissions boundary that defines the maximum permissions
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by nosense at May 16, 2023, 9:01 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Rob1L
Highly Voted 1 year, 1 month ago
Selected Answer: C
Option B is incorrect because IAM roles are not directly attached to IAM groups.
upvoted 8 times
RoroJ
1 year, 1 month ago
IAM Roles can be attached to IAM Groups: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/assign_role.html
upvoted 3 times
antropaws
1 year, 1 month ago
Read your own link: You can assign an existing IAM role to an AWS Directory Service user or group. Not to IAM groups.
upvoted 7 times
...
...
...
Efren
Highly Voted 1 year, 1 month ago
Selected Answer: C
Agreed with C https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy.html Attaching a policy to an IAM user group
upvoted 5 times
...
zinabu
Most Recent 2 months, 4 weeks ago
create role=for resource like EC2 and lambda .... create a Policy =for groups or user access policy for the resources like S3 bucket
upvoted 2 times
...
pentium75
6 months, 1 week ago
Selected Answer: C
Not A or D because this is not about restricting maximum permissions, it is is about securely granting permissions Not B because IAM roles are not attached to IAM groups. C because IAM policies are attached to IAM groups.
upvoted 4 times
...
potomac
8 months ago
Selected Answer: C
A is wrong SCPs are mainly used along with AWS Organizations organizational units (OUs). SCPs do not replace IAM Policies such that they do not provide actual permissions. To perform an action, you would still need to grant appropriate IAM Policy permissions.
upvoted 2 times
...
Guru4Cloud
10 months, 2 weeks ago
Selected Answer: C
Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups
upvoted 1 times
...
TariqKipkemei
1 year ago
Selected Answer: C
An IAM policy is an object in AWS that, when associated with an identity or resource, defines their permissions. Permissions in the policies determine whether a request is allowed or denied. You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. So, option B will also work. But Since I can only choose one, C would be it.
upvoted 2 times
...
MrAWSAssociate
1 year ago
Selected Answer: C
You can attach up to 10 IAM policy for a 'user group'.
upvoted 1 times
...
antropaws
1 year, 1 month ago
Selected Answer: C
C is the correct one.
upvoted 1 times
...
nosense
1 year, 1 month ago
Selected Answer: B
should be b
upvoted 2 times
imazsyed
1 year, 1 month ago
it should be C
upvoted 3 times
nosense
1 year, 1 month ago
Option C is not as secure as option B because IAM policies are attached to individual users and cannot be used to manage permissions for groups of users.
upvoted 2 times
omoakin
1 year, 1 month ago
IAM Roles manage who has access to your AWS resources, whereas IAM policies control their permissions. A Role with no Policy attached to it won’t have to access any AWS resources. A Policy that is not attached to an IAM role is effectively unused.
upvoted 4 times
Clouddon
10 months, 1 week ago
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
upvoted 1 times
...
...
...
...
pentium75
6 months, 1 week ago
IAM roles are not attached to IAM groups. IAM policies are attached to IAM roles, IAM groups or IAM users. IAM roles are used by services.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours