Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 334 discussion

A company is migrating its infrastructure to the AWS Cloud. The company must comply with a variety of regulatory standards for different projects. The company needs a multi-account environment.

A solutions architect needs to prepare the baseline infrastructure. The solution must provide a consistent baseline of management and security, but it must allow flexibility for different compliance requirements within various AWS accounts. The solution also needs to integrate with the existing on-premises Active Directory Federation Services (AD FS) server.

Which solution meets these requirements with the LEAST amount of operational overhead?

  • A. Create an organization in AWS Organizations. Create a single SCP for least privilege access across all accounts. Create a single OU for all accounts. Configure an IAM identity provider for federation with the on-premises AD FS server. Configure a central logging account with a defined process for log generating services to send log events to the central account. Enable AWS Config in the central account with conformance packs for all accounts.
  • B. Create an organization in AWS Organizations. Enable AWS Control Tower on the organization. Review included controls (guardrails) for SCPs. Check AWS Config for areas that require additions. Add OUs as necessary. Connect AWS IAM Identity Center (AWS Single Sign-On) to the on-premises AD FS server.
  • C. Create an organization in AWS Organizations. Create SCPs for least privilege access. Create an OU structure, and use it to group AWS accounts. Connect AWS IAM Identity Center (AWS Single Sign-On) to the on-premises AD FS server. Configure a central logging account with a defined process for log generating services to send log events to the central account. Enable AWS Config in the central account with aggregators and conformance packs.
  • D. Create an organization in AWS Organizations. Enable AWS Control Tower on the organization. Review included controls (guardrails) for SCPs. Check AWS Config for areas that require additions. Configure an IAM identity provider for federation with the on-premises AD FS server.
Suggested Answer: B

Comments

trungtd
10 months, 2 weeks ago
Selected Answer: B
LEAST operational overhead: Control Tower. Integrate with existing AD: IAM Identity Center
upvoted 1 times
...
titi_r
11 months, 2 weeks ago
Very poorly worded question. One must CONFIGURE (external) identity provider... but what does it mean: (B) "connect IAM IC to on-prem ADFS" or (C) "configure an IAM identity provider"!?!? We have to guess what the author wanted to say :(
upvoted 1 times
...
AMYMY
1 year, 2 months ago
Key point is "Flexibility" and least operational overhead, so I'll go with Opt B
upvoted 2 times
...
dankositzke
1 year, 2 months ago
Selected Answer: B
B. because: (1) “Least amount of operational overhead” requirement is met with Control Tower. Control Tower automates the creation of a well-architected, multi-account environment using best-practice blueprints, and (2) IAM Identity Center is the recommended approach for workforce authentication and authorization
upvoted 3 times
...
vibzr2023
1 year, 3 months ago
Answer: B
A. Manual setup: Requires more manual configuration and maintenance, increasing operational overhead.
C. Central logging and Config setup: While valuable, these components add complexity and management overhead. Control Tower can automate their setup and management.
D. IAM identity provider: Doesn't leverage Control Tower's automation and centralized management features, leading to more manual effort.
upvoted 2 times
...
career360guru
1 year, 3 months ago
Selected Answer: B
Option B
upvoted 1 times
...
GaryQian
1 year, 4 months ago
Selected Answer: B
B is better over D as it mentions OU.
upvoted 2 times
...
salazar35
1 year, 5 months ago
Selected Answer: B
B over D, should add OU
upvoted 2 times
...
HunkyBunky
1 year, 5 months ago
Selected Answer: B
B or C, but B - provides LEAST amount of operational overhead
upvoted 2 times
...
devalenzuela86
1 year, 5 months ago
Selected Answer: B
B for sure
upvoted 3 times
...