Exam AWS Certified Solutions Architect - Professional topic 1 question 804 discussion

A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company's IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role.
The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to access the console by using their existing Active Directory credentials. The solutions architect is using AWS Single Sign-On (AWS SSO) to implement this functionality.
Which solution will meet these requirements MOST cost-effectively?

  • A. Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and set the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.
  • B. Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations. Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.
  • C. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and select the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.
  • D. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.
Suggested Answer: D

Comments

m0h3n
Highly Voted 2 years, 10 months ago
Ans D. Refer to the link for enabling org features: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
upvoted 9 times
user0001
2 years, 6 months ago
D because Create and configure an AD Connector to connect to the company's on-premises Active Directory company to use their AD only
upvoted 1 times
tkanmani76
Highly Voted 2 years, 10 months ago
B - AD Connector to connect to On-premise directory. SSO should be enabled at Org level.
upvoted 6 times
yama234
Most Recent 1 year, 6 months ago
D is Ans.
A, C is wrong because you can use AWS Managed Microsoft AD in the cloud to manage your users and groups in the cloud, if you don't have an on-premises Active Directory or don't want to connect to on-premises Active Directory.
https://aws.amazon.com/blogs/security/introducing-aws-single-sign-on/
A is wrong because AWS Organizations has two available feature sets:
- All features
- Consolidated Billing features
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
upvoted 2 times
yama234
1 year, 6 months ago
Sorry, B is wrong because AWS Organizations has two available feature sets:
upvoted 1 times
evargasbrz
1 year, 11 months ago
Selected Answer: D
I'll go with D
upvoted 1 times
Rocketeer
2 years, 3 months ago
D. Need All Features enabled first. https://docs.aws.amazon.com/singlesignon/latest/userguide/prereqs.html
upvoted 2 times
[Removed]
2 years, 1 month ago
New link: https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-prereqs-considerations.html If you've already set up AWS Organizations, make sure that all features are enabled.
upvoted 2 times
asfsdfsdf
2 years, 4 months ago
Selected Answer: D
Not A and B for sure - must enable all features in order to use AWS SSO. Both C and D are correct; only D is cost effective.
upvoted 2 times
aandc
2 years, 5 months ago
D: Before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled. For more information about this setting, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
upvoted 1 times
jyrajan69
2 years, 5 months ago
Before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled. For more information about this setting, see Enabling All Features in Your Organization in the AWS Organizations User Guide. So the answer is definitely D.
upvoted 1 times
bobsmith2000
2 years, 6 months ago
Selected Answer: D
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_create.html#create-org During org creation, one is able to choose between all features or Consolidated Billing features only.
upvoted 2 times
Ryannn
2 years, 7 months ago
Selected Answer: C
C is correct. https://docs.aws.amazon.com/singlesignon/latest/userguide/prereqs.html
upvoted 1 times
sb333
2 years, 2 months ago
C is not correct. You would need to configure a sync scope, which is a list you define of users and groups to sync from on-premises AD. This would not come from the AWS Managed Microsoft AD, as stated in this question. It has to come from the on-premises AD, which is what the question requires. So that makes this answer wrong and why Answer D is correct, as that solution queries the on-premises AD directly. https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-from-ad-configurable-ADsync.html
upvoted 1 times
usmanbaigmughal
2 years, 9 months ago
B. D is wrong because no need to enable all org features. Only SSO is required to connect with AD Connector.
upvoted 5 times
tkanmani76
2 years, 9 months ago
D is right.
upvoted 3 times
Juks
2 years, 9 months ago
B is the correct answer. AD connector and "to use AWS SSO with AWS Organizations, you must first Enable AWS SSO, which grants AWS SSO the capability to create Service-linked roles in each account in your AWS organization" https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html
upvoted 2 times
delfnec
2 years, 6 months ago
You are right, but before you can set up AWS SSO, you must: Have first set up the AWS Organizations service and have All features set to enabled.
upvoted 1 times
cldy
2 years, 11 months ago
D: Turn ON all Org features + AD Connector.
upvoted 5 times