Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 804 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 804
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company's IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role.
The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to access the console by using their existing Active Directory credentials. The solutions architect is using AWS Single Sign-On (AWS SSO) to implement this functionality.
Which solution will meet these requirements MOST cost-effectively?

  • A. Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and set the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.
  • B. Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.
  • C. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and select the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.
  • D. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by cldy at Jan. 1, 2022, 6:23 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
m0h3n
Highly Voted 2 years, 8 months ago
Ans D Refer the link for enabling org features. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
upvoted 9 times
user0001
2 years, 4 months ago
D because Create and configure an AD Connector to connect to the company's on-premises Active Directory company to use their AD only
upvoted 1 times
...
...
tkanmani76
Highly Voted 2 years, 8 months ago
B - AD Connector to connect to On-premise directory. SSO should be enabled at Org level.
upvoted 6 times
...
yama234
Most Recent 1 year, 4 months ago
D is Ans A, C is wrong because you can use AWS Managed Microsoft AD in the cloud to manage your users and groups in the cloud, if you don’t have an on-premises Active Directory or don’t want to connect to on-premises Active Directory. https://aws.amazon.com/blogs/security/introducing-aws-single-sign-on/ A is wrong because AWS Organizations has two available feature sets: - All features - Consolidated Billing features https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
upvoted 2 times
yama234
1 year, 4 months ago
sorry, B is wrong because AWS Organizations has two available feature sets:
upvoted 1 times
...
...
evargasbrz
1 year, 9 months ago
Selected Answer: D
I'll go with D
upvoted 1 times
...
Rocketeer
2 years, 1 month ago
D Need All Features enabled first https://docs.aws.amazon.com/singlesignon/latest/userguide/prereqs.html
upvoted 2 times
[Removed]
1 year, 12 months ago
New link: https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-prereqs-considerations.html If you've already set up AWS Organizations, make sure that all features are enabled.
upvoted 2 times
...
...
asfsdfsdf
2 years, 2 months ago
Selected Answer: D
not A and B for sure - must enable all features in order to use AWS SSO Both C and D are correct only D is cost effective.
upvoted 2 times
...
aandc
2 years, 3 months ago
D: Before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled. For more information about this setting, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
upvoted 1 times
...
jyrajan69
2 years, 3 months ago
Before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled. For more information about this setting, see Enabling All Features in Your Organization in the AWS Organizations User Guide. ..So the answer definitely D
upvoted 1 times
...
bobsmith2000
2 years, 4 months ago
Selected Answer: D
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org During an org creation the one is able to choose between all features or Consolidated Billing features only.
upvoted 2 times
...
Ryannn
2 years, 5 months ago
Selected Answer: C
C is correct. https://docs.aws.amazon.com/singlesignon/latest/userguide/prereqs.html
upvoted 1 times
sb333
2 years ago
C is not correct. You would need to configure a sync scope, which is a list you define of users and groups to sync from on-premises AD. This would not come from the AWS Managed Microsoft AD, as stated in this question. It has to come from the on-premises AD, which is what the question requires. So that makes this answer wrong and why Answer D is correct, as that solution queries the on-premises AD directly. https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-from-ad-configurable-ADsync.html
upvoted 1 times
...
...
usmanbaigmughal
2 years, 7 months ago
B. D is wrong because no need to enable all org features. only SSO is required to connect with AD connector
upvoted 5 times
...
tkanmani76
2 years, 7 months ago
D is right.
upvoted 3 times
...
Juks
2 years, 7 months ago
B is the correct answer. AD connector and to use AWS SSO with AWS Organizations, you must first Enable AWS SSO, which grants AWS SSO the capability to create Service-linked roles in each account in your AWS organization" https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html
upvoted 2 times
delfnec
2 years, 4 months ago
you are right but Before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled.
upvoted 1 times
...
...
cldy
2 years, 9 months ago
D: Turn ON all Org features + AD Connector.
upvoted 5 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel