exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 161 discussion

A company uses AWS Organizations. The company has more than 100 AWS accounts and will increase the number of accounts. The company also uses an external corporate identity provider (IdP).

The company needs to provide users with role-based access to the accounts. The solution must maximize scalability and operational efficiency.

Which solution will meet these requirements?

  • A. In each account, create a set of dedicated IAM users. Ensure that all users assume these IAM users through federation with the existing IdP.
  • B. Deploy an IAM role in a central identity account. Allow users to assume the role through federation with the existing IdP. In each account, deploy a set of IAM roles that match the desired access patterns. Include a trust policy that allows access from the central identity account. Edit the permissions policy for the role in each account to match user access requirements.
  • C. Enable AWS IAM Identity Center. Integrate IAM Identity Center with the company's existing IdP. Create permission sets that match the desired access patterns. Assign permissions to match user access requirements.
  • D. In each account, deploy a set of IAM roles that match the desired access patterns. Create a trust policy with the existing IdP. Update each role's permissions policy to use SAML-based IAM condition keys that are based on user access requirements.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
navid1365
4 months ago
Selected Answer: C
C: AWS IAM Identity Center (successor to AWS Single Sign-On (SSO)) is designed to provide centralized access management across multiple AWS accounts and integrates with external identity providers. This makes it scalable and efficient for managing access to a large number of AWS accounts.
upvoted 2 times
...
kupo777
4 months, 3 weeks ago
C is correct. Choice B is too operationally inefficient to realize given that there are over 100 AWS accounts and the number of accounts will grow.
upvoted 2 times
...
Arad
5 months, 1 week ago
Selected Answer: C
C is correct.
upvoted 3 times
...
cumzle_com
5 months, 1 week ago
Selected Answer: B
key word : The company needs to provide users with role-based access to the accounts
upvoted 1 times
...
RaniaSaeedB
5 months, 2 weeks ago
Selected Answer: C
This solution provides centralized management, reducing operational overhead. IAM Identity Center (AWS Single Sign-On) scales easily across multiple accounts and integrates well with external IdPs. It allows for centralized creation and management of permission sets, ensuring efficient and secure role-based access.
upvoted 3 times
...
PegasusForever
5 months, 3 weeks ago
C - Option B involves a more complex and less scalable setup. Option C, on the other hand, offers a centralized, scalable, and efficient solution for managing role-based access across a large and growing number of AWS accounts. The use of AWS IAM Identity Center simplifies the integration with external IdPs and provides a streamlined approach to managing permissions, making it the preferred choice for maximizing scalability and operational efficiency.
upvoted 3 times
...
aescudero51
6 months, 1 week ago
Selected Answer: B
Answer is B A. Dedicated IAM Users: This creates a massive number of identities to manage, becoming cumbersome and error-prone as the number of accounts increases. C. IAM Identity Center: While IAM Identity Center offers centralized management, it's a separate service that might introduce additional complexity in this scenario. D. SAML-based IAM condition keys: While this allows for fine-grained access control, it can become complex to manage permissions policies for a large number of roles across accounts. Therefore, option B provides the best balance between scalability, operational efficiency, and leveraging existing infrastructure for user access control.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...