ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 780 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 780
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account. The company needs to grant the vendor access to the company’s AWS account.

Which solution will meet these requirements MOST securely?

  • A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
  • B. Create an IAM user in the company’s account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
  • C. Create an IAM group in the company’s account. Add the automated tool’s IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
  • D. Create an IAM user in the company’s account that has a permission boundary that allows the vendor’s account. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Andy_09 at Feb. 6, 2024, 7:47 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mikado211
Highly Voted 1 year ago
Selected Answer: A
When you have somebody from another account who needs a resource in your account - create a role to access to this account - allow the remote account to asume the role.
upvoted 8 times
...
Andy_09
Highly Voted 1 year, 2 months ago
Option A looks ok
upvoted 7 times
...
Salilgen
Most Recent 3 months, 3 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html
upvoted 1 times
...
JA2018
4 months, 3 weeks ago
Selected Answer: A
Least privilege principle: Using an IAM role instead of a user adheres to the least privilege principle as it only grants the vendor access to specific actions needed for their task, not full account access like a user would have. No direct access to the company account: By delegating access through a role, the vendor's IAM user in their own account does not need to have direct login credentials to the company's AWS account, enhancing security. Granular control: IAM policies attached to the role can be carefully crafted to provide only the necessary permissions for the vendor's automated tool, limiting potential damage in case of unauthorized access
upvoted 1 times
...
Scheldon
10 months ago
Selected Answer: A
AnswerA I would go with option A
upvoted 2 times
...
osmk
1 year, 2 months ago
Selected Answer: A
Question #222
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago