Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 161 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 161
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company uses AWS Organizations. The company has more than 100 AWS accounts and will increase the number of accounts. The company also uses an external corporate identity provider (IdP).

The company needs to provide users with role-based access to the accounts. The solution must maximize scalability and operational efficiency.

Which solution will meet these requirements?

  • A. In each account, create a set of dedicated IAM users. Ensure that all users assume these IAM users through federation with the existing IdP.
  • B. Deploy an IAM role in a central identity account. Allow users to assume the role through federation with the existing IdP. In each account, deploy a set of IAM roles that match the desired access patterns. Include a trust policy that allows access from the central identity account. Edit the permissions policy for the role in each account to match user access requirements.
  • C. Enable AWS IAM Identity Center. Integrate IAM Identity Center with the company's existing IdP. Create permission sets that match the desired access patterns. Assign permissions to match user access requirements.
  • D. In each account, deploy a set of IAM roles that match the desired access patterns. Create a trust policy with the existing IdP. Update each role's permissions policy to use SAML-based IAM condition keys that are based on user access requirements.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by aescudero51 at June 1, 2024, 4:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
navid1365
2 months ago
Selected Answer: C
C: AWS IAM Identity Center (successor to AWS Single Sign-On (SSO)) is designed to provide centralized access management across multiple AWS accounts and integrates with external identity providers. This makes it scalable and efficient for managing access to a large number of AWS accounts.
upvoted 2 times
...
kupo777
2 months, 3 weeks ago
C is correct. Choice B is too operationally inefficient to realize given that there are over 100 AWS accounts and the number of accounts will grow.
upvoted 2 times
...
Arad
3 months, 1 week ago
Selected Answer: C
C is correct.
upvoted 3 times
...
cumzle_com
3 months, 1 week ago
Selected Answer: B
key word : The company needs to provide users with role-based access to the accounts
upvoted 1 times
...
RaniaSaeedB
3 months, 2 weeks ago
Selected Answer: C
This solution provides centralized management, reducing operational overhead. IAM Identity Center (AWS Single Sign-On) scales easily across multiple accounts and integrates well with external IdPs. It allows for centralized creation and management of permission sets, ensuring efficient and secure role-based access.
upvoted 3 times
...
PegasusForever
3 months, 3 weeks ago
C - Option B involves a more complex and less scalable setup. Option C, on the other hand, offers a centralized, scalable, and efficient solution for managing role-based access across a large and growing number of AWS accounts. The use of AWS IAM Identity Center simplifies the integration with external IdPs and provides a streamlined approach to managing permissions, making it the preferred choice for maximizing scalability and operational efficiency.
upvoted 3 times
...
aescudero51
4 months ago
Selected Answer: B
Answer is B A. Dedicated IAM Users: This creates a massive number of identities to manage, becoming cumbersome and error-prone as the number of accounts increases. C. IAM Identity Center: While IAM Identity Center offers centralized management, it's a separate service that might introduce additional complexity in this scenario. D. SAML-based IAM condition keys: While this allows for fine-grained access control, it can become complex to manage permissions policies for a large number of roles across accounts. Therefore, option B provides the best balance between scalability, operational efficiency, and leveraging existing infrastructure for user access control.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel