Multiple Choice
A company uses AWS Organization to manage 50 AWS accounts. The finance staff members logs in as AWS IAM users in the FinanceDept AWS account. The staff members need to read the consolidates billing information in the MasterPayer AWS account. They should not be able to view any other resources in the MasterPayer AWS account. IAM access to billing has been enabled in the MasterPayer account. Which of the following approaches grants the finance staff the permissions they require without granting any unnecessary permissions?
A) Create an IAM group for the finance users in the FinanceDept account, then attach the AWS managed ReadOnlyAccess IAM policy to the group.
B) Create an IAM group for the finance users in the MasterPayer account, then attach the AWS managed ReadOnlyAccess IAM policy to the group.
C) Create an AWS IAM role in the FinanceDept account with the ViewBilling permission, then grant the finance users in the MasterPayer account the permission to assume that role.
D) Create an AWS IAM role in the MasterPayer account with the ViewBilling permission, then grant the finance users in the FinanceDept account the permission to assume that role.
Correct Answer:
Verified
Correct Answer:
Verified
Q16: A company plans to migrate a sensitive
Q17: A company requires that IP packet data
Q18: A company wants to encrypt the private
Q19: An organization policy states that all encryption
Q20: An organization receives an alert that indicates
Q22: A company hosts an application on Amazon
Q23: AWS CloudTrail is being used to monitor
Q24: A company manages three separate AWS accounts
Q25: A company has multiple production AWS accounts.
Q26: A company needs to retain log data