exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 708 discussion

A financial company needs to create a separate AWS account for a new digital wallet application. The company uses AWS Organizations to manage its accounts.
A solutions architect uses the IAM user Support1 from the master account to create a new member account with [email protected] as the email address.
What should the solutions architect do to create IAM users in the new member account?

  • A. Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to [email protected]. Set up the IAM users as required.
  • B. From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.
  • C. Go to the AWS Management Console sign-in page. Choose ג€Sign in using root account credentials.ג€ Sign in by using the email address [email protected] and the master account's root password. Set up the IAM users as required.
  • D. Go to the AWS Management Console sign-in page. Sign in by using the account ID of the new member account and the Support1 IAM credentials. Set up the IAM users as required.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
wasabidev
Highly Voted 3 years, 2 months ago
B. A wrong because "When you create an account, AWS Organizations initially assigns a long (64 characters), complex, randomly generated password to the root user. You can't retrieve this initial password. To access the account as the root user for the first time, you must go through the process for password recovery. "
upvoted 16 times
RVivek
2 years, 9 months ago
Good explanation. Yes. B is the answer. Aditional inforatonhttps://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/
upvoted 1 times
...
...
vkbajoria
Highly Voted 3 years, 1 month ago
it is B for me. It makes more sense
upvoted 6 times
...
dev112233xx
Most Recent 1 year, 7 months ago
B when the master creates a new member account then can switch to it without cross-account trust role (because it will be created automatically)
upvoted 1 times
...
janvandermerwer
2 years ago
Selected Answer: B
B for sure - Have had to use this option regularly at work. Would still recommend resetting the password of the root account however.
upvoted 1 times
...
dcdcdc3
2 years, 2 months ago
Not A because an email with password is never sent when creating the account form Orgs
upvoted 1 times
...
dcdcdc3
2 years, 2 months ago
Selected Answer: B
B. As added value I would always want to reset the root password once, set mfa and vault both. If not, email admins can get themselves access in the future.
upvoted 2 times
...
Student1950
2 years, 10 months ago
A is the correct answer. Reason: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html When an invited account joins your organization, you do not automatically have full administrator control over the account, unlike created accounts. If you want the management account to have full administrative control over an invited member account, you must create the OrganizationAccountAccessRole IAM role in the member account and grant permission to the management account to assume the role. When you create an account in your organization instead of inviting an existing account to join, AWS Organizations automatically creates an IAM role (named OrganizationAccountAccessRole by default) that you can use to grant users in the management account administrator access to the created account.
upvoted 1 times
Byrney
2 years ago
This part is exactly what option B is: "When you create an account in your organization instead of inviting an existing account to join, AWS Organizations automatically creates an IAM role (named OrganizationAccountAccessRole by default) that you can use to grant users in the management account administrator access to the created account."
upvoted 1 times
...
...
AzureDP900
2 years, 12 months ago
OrganizationAccountAccessRole is keyword here. B is right
upvoted 2 times
...
AzureDP900
2 years, 12 months ago
B is right answer
upvoted 2 times
...
cldy
2 years, 12 months ago
B. From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.
upvoted 1 times
...
acloudguru
3 years ago
Selected Answer: B
When you create a new member account, Organizations sets an initial password for that account that can't be retrieved. To access the account as the root user for the first time, follow these instructions to reset the initial password. https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/
upvoted 2 times
...
Smartphone
3 years ago
The correct option is A. Please see read the below link for the reference. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
upvoted 3 times
...
andylogan
3 years ago
It's B
upvoted 1 times
...
Kopa
3 years, 1 month ago
Im for B, in Neal Davis we practice this often on labs
upvoted 3 times
...
tgv
3 years, 1 month ago
BBB ---
upvoted 1 times
...
blackgamer
3 years, 1 month ago
Answer is B
upvoted 1 times
...
WhyIronMan
3 years, 1 month ago
I'll go with B https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago