exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 688 discussion

A company manages AWS accounts in AWS Organizations. AWS IAM Identity Center (AWS Single Sign-On) and AWS Control Tower are configured for the accounts. The company wants to manage multiple user permissions across all the accounts.

The permissions will be used by multiple IAM users and must be split between the developer and administrator teams. Each team requires different permissions. The company wants a solution that includes new users that are hired on both teams.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Create a custom IAM policy for each group to set fine-grained permissions.
  • B. Create individual users in IAM Identity Center for each account. Create separate developer and administrator groups in IAM Identity Center. Assign the users to the appropriate groups. Attach AWS managed IAM policies to each user as needed for fine-grained permissions.
  • C. Create individual users in IAM Identity Center. Create new developer and administrator groups in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each group. Assign the new groups to the appropriate accounts. Assign the new permission sets to the new groups. When new users are hired, add them to the appropriate group.
  • D. Create individual users in IAM Identity Center. Create new permission sets that include the appropriate IAM policies for each user. Assign the users to the appropriate accounts. Grant additional IAM permissions to the users from within specific accounts. When new users are hired, add them to IAM Identity Center and assign them to the accounts.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
LeonSauveterre
3 months, 2 weeks ago
Selected Answer: C
I would: 1. Use AWS IAM Identity Center (SSO) to centrally manage user access across all accounts. 2. Create Permission Sets in Identity Center: - One for the Developer Team, granting access to resources with developer-specific permissions (AmazonEC2FullAccess or custom policies or something). - Another one for the Administrator Team, granting administrator-specific permissions (AdministratorAccess or something). 3. Sync users and groups from the corporate identity provider (or manage groups directly in IAM Identity Center) to automatically apply these permissions. 4. Assign these Permission Sets to groups of users in Identity Center rather than individuals, ensuring new users automatically inherit the appropriate permissions based on their group. That's why you choose C, with the least operational overhead.
upvoted 1 times
...
xBUGx
6 months, 2 weeks ago
Selected Answer: C
C is least overhead
upvoted 1 times
...
1Alpha1
7 months, 3 weeks ago
Selected Answer: C
Check out this one. https://www.youtube.com/watch?v=y_n9xN5mg1g
upvoted 1 times
...
Moon239
7 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/controltower/latest/userguide/sso.html
upvoted 2 times
...
Cali182
7 months, 3 weeks ago
Selected Answer: C
Correct is C
upvoted 2 times
...
Andy_09
7 months, 3 weeks ago
The correct answer should be C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago