
Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 7 discussion

A company needs a security engineer to implement a scalable solution for multi-account authentication and authorization. The solution should not introduce additional user-managed architectural components. Native AWS features should be used as much as possible. The security engineer has set up AWS Organizations with all features activated and AWS IAM Identity Center (AWS Single Sign-On) enabled.
Which additional steps should the security engineer take to complete the task?

  • A. Use AD Connector to create users and groups for all employees that require access to AWS accounts. Assign AD Connector groups to AWS accounts and link to the IAM roles in accordance with the employees’ job functions and access requirements. Instruct employees to access AWS accounts by using the AWS Directory Service user portal.
  • B. Use an IAM Identity Center default directory to create users and groups for all employees that require access to AWS accounts. Assign groups to AWS accounts and link to permission sets in accordance with the employees’ job functions and access requirements. Instruct employees to access AWS accounts by using the IAM Identity Center user portal.
  • C. Use an IAM Identity Center default directory to create users and groups for all employees that require access to AWS accounts. Link IAM Identity Center groups to the IAM users present in all accounts to inherit existing permissions. Instruct employees to access AWS accounts by using the IAM Identity Center user portal.
  • D. Use AWS Directory Service for Microsoft Active Directory to create users and groups for all employees that require access to AWS accounts. Enable AWS Management Console access in the created directory and specify IAM Identity Center as a source of information for integrated accounts and permission sets. Instruct employees to access AWS accounts by using the AWS Directory Service user portal.
Suggested Answer: B
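As an added illustration that is not part of the question or of the site's content, the option B design expressed in Terraform for the AWS provider (assumed names: group SecurityAuditors, user alice@example.com, placeholder account ID 111111111111): users and groups live in the Identity Center directory, a permission set carries the policy, and the group is assigned to the account, so no IAM users are created in member accounts.

```hcl
# Added example, not from the page. Assumed: the SecurityAuditors group,
# the user alice@example.com and the placeholder account 111111111111.
data "aws_ssoadmin_instances" "this" {}
locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}
# Users and groups are created in the Identity Center default directory.
resource "aws_identitystore_user" "alice" {
  identity_store_id = local.identity_store_id
  user_name         = "alice@example.com"
  display_name      = "Alice Example"
  name {
    given_name  = "Alice"
    family_name = "Example"
  }
  emails {
    value   = "alice@example.com"
    primary = true
  }
}
resource "aws_identitystore_group" "security_auditors" {
  identity_store_id = local.identity_store_id
  display_name      = "SecurityAuditors"
}
resource "aws_identitystore_group_membership" "alice_auditor" {
  identity_store_id = local.identity_store_id
  group_id          = aws_identitystore_group.security_auditors.group_id
  member_id         = aws_identitystore_user.alice.user_id
}
# A permission set is the role template Identity Center provisions in each
# assigned account; a short session keeps stolen credentials short-lived.
resource "aws_ssoadmin_permission_set" "security_audit" {
  instance_arn     = local.instance_arn
  name             = "SecurityAudit"
  session_duration = "PT4H"
}
resource "aws_ssoadmin_managed_policy_attachment" "security_audit" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.security_audit.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}
# Assign the group (not individual users) to the account with the permission set.
resource "aws_ssoadmin_account_assignment" "auditors_account" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.security_audit.arn
  principal_type     = "GROUP"
  principal_id       = aws_identitystore_group.security_auditors.group_id
  target_type        = "AWS_ACCOUNT"
  target_id          = "111111111111"
}
```

Employees then sign in once at the IAM Identity Center user portal and pick the account and permission set they are entitled to; adding a person to the group is the only change needed to grant access.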

Comments

Daniel76
Highly Voted 1 year ago
Selected Answer: B
A. AD Connector only provides connectivity, not user management. C. IAM users should not need to be created in all accounts, which results in admin overhead; assume a role instead. D. Letting end users DIY access in the AWS Management Console or the AWS Directory Service user portal is not a good idea.
upvoted 6 times
Raphaello
Most Recent 9 months, 2 weeks ago
Selected Answer: B
Keywords: "Native AWS features should be used as much as possible". Therefore, choose Identity Center's own directory; also, there is no mention of on-prem AD, so AD Connector does not make sense. For the same reason, AWS Directory Service (Managed Microsoft AD) does not fit the native AWS feature requirement. Option B is the right answer.
upvoted 2 times
lalee2
1 year, 1 month ago
Selected Answer: B
https://aws.amazon.com/ko/iam/identity-center/faqs/
upvoted 2 times
pupsik
1 year, 1 month ago
Selected Answer: B
Normally we would use AD Connector to connect to on-premises AD. But option A doesn't come close to that. Hence option B.
upvoted 4 times
KR693
1 year, 1 month ago
Option B
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%)