Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 508 discussion

A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The quality assurance (QA) department needs to launch a large number of short-lived environments to test the application. The application environments are currently launched by the manager of the department using an AWS CloudFormation template. To launch the stack, the manager uses a role with permission to use CloudFormation, EC2, and Auto Scaling APIs. The manager wants to allow testers to launch their own environments, but does not want to grant broad permissions to each user.

Which setup would achieve these goals?

  • A. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the manager’s role and add a policy that restricts the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.
  • B. Create an AWS Service Catalog product from the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the template from the AWS Service Catalog console.
  • C. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to use CloudFormation and S3 APIs, with conditions that restrict the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.
  • D. Create an AWS Elastic Beanstalk application from the environment template. Give users in the QA department permission to use Elastic Beanstalk permissions only. Train users to launch Elastic Beanstalk environments with the Elastic Beanstalk CLI, passing the existing role to the environment as a service role.
Suggested Answer: B

Comments

awsaz
Highly Voted 5 months ago
Selected Answer: B
B is the answer
upvoted 6 times
0b43291
Most Recent 1 week, 1 day ago
Selected Answer: B
By using AWS Service Catalog, you can leverage its built-in features for self-service, launch constraints, and restricted permissions, making it the most appropriate solution for allowing testers to launch their own environments while limiting their access to only the necessary resources and actions.

The other options have drawbacks or do not fully address the requirements:

Option A: Granting users permission to assume the manager's role and restricting permissions through policies can be complex to manage and may still grant broader permissions than desired.

Option C: Granting users direct permission to use CloudFormation and S3 APIs, even with conditions, may still provide more access than necessary and increase the risk of unintended actions.

Option D: While Elastic Beanstalk can be used to launch environments, it may not provide the same level of control and customization as a CloudFormation template. Additionally, granting Elastic Beanstalk permissions may still provide more access than necessary.
upvoted 1 times
mifune
5 months ago
Selected Answer: B
Service Catalog, answer B
upvoted 1 times