ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 391 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 391
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A financial company needs to create a separate AWS account for a new digital wallet application. The company uses AWS Organizations to manage its accounts. A solutions architect uses the IAM user Support1 from the management account to create a new member account with [email protected] as the email address.

What should the solutions architect do to create IAM users in the new member account?

  • A. Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to [email protected]. Set up the IAM users as required.
  • B. From the management account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.
  • C. Go to the AWS Management Console sign-in page. Choose “Sign in using root account credentials.” Sign in in by using the email address finance [email protected] and the management account's root password. Set up the IAM users as required.
  • D. Go to the AWS Management Console sign-in page. Sign in by using the account ID of the new member account and the Support1 IAM credentials. Set up the IAM users as required.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by cypkir at Nov. 22, 2023, 8:05 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
vibzr2023
Highly Voted 1 year, 1 month ago
Option B correct: Key word - "OrganizationAccountAccessRole", By assuming the OrganizationAccountAccessRole, you gain temporary, controlled access to the member account without sharing root credentials or creating separate IAM users for cross-account access. This enhances security and reduces administrative overhead.
upvoted 8 times
...
AzureDP900
Most Recent 3 months ago
B is right Using IAM user credentials: The solution architect should use the Support1 IAM user credentials from the management account to create IAM users in the new member account, not the root account credentials. Assuming roles: By switching roles using the OrganizationAccountAccessRole role with the account ID of the new member account, the solution architect can access the resources and perform actions on behalf of the new member account without using the management account's root credentials.
upvoted 1 times
...
career360guru
1 year, 1 month ago
Selected Answer: B
Option B
upvoted 1 times
...
duriselvan
1 year, 1 month ago
b ISANS https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
upvoted 1 times
...
ayadmawla
1 year, 2 months ago
Selected Answer: D
D is my answer. Those who chose B are correct about the process and the role that is created when you setup the account. But the user (Support1) that has management account access to setup a new account in the organisation automatically becomes part of the administrators in the new account that gets created and therefore will be able to access the new account with his/her credentials by specifying the new account. The root user with the 64 character password is also a valid approach but it is not a recommended one by AWS.
upvoted 1 times
LazyAutonomy
1 year ago
This is an incorrect understanding. "But the user (Support1) ... automatically becomes part of the administrators in the new account that gets created" - yes, by virtue of the cross-account OrganizationAccountAccessRole role ONLY. No IAM users are ever automatically created anywhere, ever, never ever, never ever ever. Never! :)
upvoted 3 times
...
...
FuriouZ
1 year, 2 months ago
Selected Answer: B
B as most secure way
upvoted 2 times
...
MegalodonBolado
1 year, 2 months ago
Selected Answer: B
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
upvoted 3 times
...
J0n102
1 year, 2 months ago
Selected Answer: B
Answer: B
upvoted 3 times
...
dutchy1988
1 year, 2 months ago
quote out of article posted by thala: "When you create a member account, AWS Organizations automatically creates an AWS Identity and Management (IAM) role called OrganizationAccountAccessRole in the account. This role has full administrative permissions in the member account." B is only valid answer, assume the role and perform administrative actions
upvoted 3 times
...
thala
1 year, 2 months ago
Selected Answer: B
https://repost.aws/knowledge-center/organizations-member-account-access
upvoted 4 times
...
devalenzuela86
1 year, 2 months ago
Selected Answer: D
D is the correct answer
upvoted 1 times
...
cypkir
1 year, 2 months ago
Selected Answer: D
Answer: D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago