ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 624 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 624
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWS resources while preserving access to the on-premises resources.

What should the solutions architect do to meet these requirements?

  • A. Create an IAM user for each user in the company. Attach the appropriate policies to each user.
  • B. Use Amazon Cognito with an Active Directory user pool. Create roles with the appropriate policies attached.
  • C. Define cross-account roles with the appropriate policies attached. Map the roles to the Active Directory groups.
  • D. Configure Security Assertion Markup Language (SAML) 2 0-based federation. Create roles with the appropriate policies attached Map the roles to the Active Directory groups.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Community vote distribution
D (89%)
11%
by dilaaziz at Nov. 4, 2023, 8:23 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pentium75
Highly Voted 9 months ago
Selected Answer: D
Though you can federate Cognito with Active Directory, Cognito is for providing access to your own applications, NOT to AWS Resources.
upvoted 11 times
...
tsdsmth
Highly Voted 8 months, 2 weeks ago
Selected Answer: D
While Amazon Cognito can integrate with Active Directory, it is more focused on providing identity management for mobile and web applications. In this scenario, where the primary concern is integrating with existing on-premises resources, using SAML-based federation with IAM roles is more appropriate.
upvoted 8 times
...
Salilgen
Most Recent 3 months ago
Selected Answer: D
https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/ B is wrong because user pool is in Cognito not in Active Directory https://aws.amazon.com/blogs/security/how-to-set-up-amazon-cognito-for-federated-authentication-using-azure-ad/
upvoted 1 times
...
sangavi_vijay
9 months ago
Selected Answer: B
why its not b?
upvoted 2 times
...
TariqKipkemei
10 months ago
Selected Answer: D
Use Amazon Cognito via SAML integration. (SAML) is an open federation standard that allows an identity provider (for this case on-prem AD) to authenticate users and pass identity and security information about them to a service provider (for this case AWS). I will settle for D, because this is definitely required for this to work.
upvoted 5 times
...
NickGordon
10 months, 3 weeks ago
Selected Answer: D
D. An Amazon Cognito user pool is a user directory for WEB and MOBILE app authentication and authorization. So it is not a best option for corporate users.
upvoted 3 times
...
potomac
10 months, 4 weeks ago
Selected Answer: D
I think it is D
upvoted 2 times
...
ahlofan
11 months ago
Selected Answer: B
Access to Aws resource -> cognito, then use iam role SAML or AD -> identity pool
upvoted 2 times
pentium75
9 months ago
Cognito is for app users, to authenticate users accessing your apps. Cognito is NOT for granting access to AWS resources.
upvoted 3 times
...
...
dilaaziz
11 months ago
Selected Answer: D
https://aws.amazon.com/identity/saml/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
AZ-500
Vienna, 1 minute ago