Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 761 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 761
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML).

Which solution meets these requirements?

  • A. Enable AWS IAM Identity Center (AWS Single Sign-On) between AWS and the on-premises LDAP.
  • B. Create an IAM policy that uses AWS credentials, and integrate the policy into LDAP.
  • C. Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.
  • D. Develop an on-premises custom identity broker application or process that uses AWS Security Token Service (AWS STS) to get short-lived credentials.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by kempes at Feb. 7, 2024, 11:26 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
kempes
Highly Voted 9 months, 2 weeks ago
Selected Answer: D
The solution that best meets the requirements. This approach provides a pathway for authenticating LDAP users to AWS without requiring direct LDAP to AWS IAM Identity Center integration or SAML compatibility, offering a flexible and secure method to extend on-premises authentication mechanisms to AWS services.
upvoted 8 times
aditianand
6 months, 1 week ago
Why not option A A. Enable AWS IAM Identity Center (AWS Single Sign-On) between AWS and the on-premises LDAP.
upvoted 1 times
NSA_Poker
5 months, 1 week ago
(A) is incorrect bc to use AWS IAM Identity Center (AWS Single Sign-On) with an external IdP, you need SAML.
upvoted 3 times
...
...
...
Scheldon
Most Recent 5 months ago
Selected Answer: D
AnswerD
upvoted 1 times
...
ike001
5 months, 1 week ago
D is the answer
upvoted 1 times
...
NSA_Poker
5 months, 1 week ago
Selected Answer: D
Identity federation can be accomplished in one of three ways. (1) Use a corporate IdP (such as Microsoft Active Directory) or a custom identity broker application. Each option uses AWS STS. (2) Create an integration that uses Security Assertion Markup Language (SAML). (3) Use a web identity provider, such as Amazon Cognito.
upvoted 1 times
1e22522
3 months, 2 weeks ago
YEA SURE FED
upvoted 1 times
...
...
TwinSpark
6 months ago
Selected Answer: D
option D As per described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html#id_roles_common-scenarios_federated-users-idbroker option A is wrong becouse for use SSO need to be compatible with SAML (at least this is what i understand from here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html#id_roles_common-scenarios_federated-users-saml20 )
upvoted 1 times
...
Naveena_Devanga
9 months ago
Option D A custom identity broker application can be built to perform a similar function to an identity store that is not compatible with SAML 2.0. The broker application authenticates users, requests temporary credentials from AWS, and provides them to the user to access AWS resources.
upvoted 1 times
aditianand
6 months, 1 week ago
Why not option A A. Enable AWS IAM Identity Center (AWS Single Sign-On) between AWS and the on-premises LDAP.
upvoted 1 times
...
...
jaswantn
9 months, 1 week ago
If your identity store is not compatible with SAML 2.0, then you can build a custom identity broker application to perform a similar function. .....option D
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel