ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 360 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 360
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:

• Administrator: Provisions the EMR cluster for the analytics team based on the team’s requirements
• Data engineer: Runs ETL scripts to process, transform, and enrich the datasets
• Data analyst: Runs SQL and Hive queries on the data

A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create.

Which solution will meet these requirements?

  • A. Create IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
  • B. Setup Kerberos-based authentication for EMR clusters upon launch. Specify a Kerberos security configuration along with cluster-specific Kerberos options.
  • C. Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.
  • D. Launch the EMR cluster by using AWS CloudFormation, Attach resource-based policies to the EMR cluster during cluster creation. Create an AWS. Config rule to check for noncompliant clusters and noncompliant Amazon S3 buckets. Configure the rule to notify the administrator to remediate the noncompliant resources.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by cypkir at Nov. 22, 2023, 7:37 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
career360guru
Highly Voted 1 year, 1 month ago
Selected Answer: C
Option C. Option A does not provide control over deployment of resources and configurations.
upvoted 5 times
...
AzureDP900
Most Recent 3 months ago
Using AWS Service Catalog (Option C) to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona meets all the requirements: It provides a centralized management interface for IT services It allows you to define and enforce policies for resource provisioning and access control It enables you to manage multiple instances of an application (in this case, EMR clusters) from a single console
upvoted 1 times
...
AloraCloud
4 months, 1 week ago
Why not Option A is because it involves creating IAM roles and attaching identity-based policies, which is solid. But it relies on AWS Config rules to ensure compliance, which adds an extra layer of management and potential lag in remediation. AWS Service Catalog, on the other hand, simplifies control over EMR versions, configurations, and permissions, and it also enforces resource tagging directly during deployment, making it more efficient and streamlined for managing access and compliance.
upvoted 1 times
...
gfhbox0083
7 months, 1 week ago
Selected Answer: C
C, for sure. AWS Service Catalog ensures that all resources created are compliant with the organization's policies, including mandatory tagging.
upvoted 1 times
...
JMAN1
1 year, 1 month ago
Selected Answer: C
C because tagging ensured by Service Catalogue.
upvoted 3 times
...
vibzr2023
1 year, 1 month ago
Selected Answer: C Option A: While IAM roles and identity-based policies offer user-level control, they lack the functionality for managing EMR deployment options and configurations centrally.
upvoted 1 times
...
awsamar
1 year, 2 months ago
Selected Answer: C
keyword here are: "...only applications that are approved and authorized..." Only C provides this
upvoted 4 times
...
ayadmawla
1 year, 2 months ago
Selected Answer: A
A - IAM Roles define actions Service Catalogue is about resources (EMR)
upvoted 4 times
ayadmawla
1 year, 2 months ago
it seems that I was wrong and C is the approach as per: https://aws.amazon.com/blogs/big-data/build-a-self-service-environment-for-each-line-of-business-using-amazon-emr-and-aws-service-catalog/
upvoted 5 times
...
...
shaaam80
1 year, 2 months ago
Please vote your answers rather than just commenting. It skews the vote % for someone who doesnt read all the comments.
upvoted 1 times
...
dutchy1988
1 year, 2 months ago
It seems that AWS is upselling AWS Service Catalog here with this question. Some key parts in this question: 1. Least privilige access 2. launch only approved and authorized applications 3. ensure tagging.
upvoted 2 times
dutchy1988
1 year, 2 months ago
due to point 3, all options with AWS config rule are out since it only measures if you are compliant, so that means tagging is not ensured upfront. A and D are out! B doenst fullfill the requirement for tagging and even more, is kerberos really helpfull here?
upvoted 2 times
dutchy1988
1 year, 2 months ago
Leaves only C, quote from https://aws.amazon.com/servicecatalog/ Create, organize, and govern a curated catalog of AWS resources that can be shared at the permissions level so you can quickly provision approved cloud resources without needing direct access to the underlying AWS services. -> meets only allowed and authorized application launch. AutoTag fulfills the requirement to tag resources with creator -> aws:servicecatalog:provisioningPrincipalArn - The ARN of the provisioning principal (user) who created the provisioned product. this can only be AWS Server Catalog. and please stop seeding GPT answers! do your own research.
upvoted 4 times
...
...
...
PouyaK
1 year, 2 months ago
Answer A - The answers from Chat GPT are inaccurate and untrustable.
upvoted 3 times
...
shaaam80
1 year, 2 months ago
Selected Answer: C
From GPT: AWS Service Catalog allows you to control and manage access to resources by defining portfolios and products with specific permissions. Allows you to create portfolios with approved and authorized applications, ensuring that only the specified applications are launched. AWS Service Catalog can enforce tagging on provisioned resources, ensuring that all resources created by the user personas are appropriately tagged.
upvoted 3 times
...
heatblur
1 year, 2 months ago
Selected Answer: C
C is correct: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. This is ideal for controlling which Amazon EMR versions and cluster configurations are available to users. Specific cluster configurations and permissions can be set for each user persona, ensuring they have only the access they need. This meets the least privilege principle. The Service Catalog can be configured to allow users to launch only certain applications, ensuring adherence to company policies on approved and authorized software. It also supports resource tagging.
upvoted 3 times
...
devalenzuela86
1 year, 2 months ago
A is correct Aws: To ensure that all user personas have least privilege access to only the resources they need, can launch only approved and authorized applications, and ensure tagging for all resources that the user personas create, a solutions architect can consider the following steps: 1. IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. 2.Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
upvoted 1 times
...
cypkir
1 year, 2 months ago
Selected Answer: C
Answer: C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago