Multiple Choice
A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS Infrastructure. Which of the following solutions would provide the MOST scalable solution?
A) Create dedicated IAM users within each AWS account that employees can assume though federation based upon group membership in their existing identity provider.
B) Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Use cross-account roles to allow the federated users to assume their target role in the resource accounts.
C) Configure the AWS Security Token Service to use Kerberos tokens so that users can use their existing corporate user names and passwords to access AWS resources directly.
D) Configure the IAM trust policies within each account's role to set up a trust back to the corporation's existing identity provider, allowing users to assume the role based off their SAML token.
Correct Answer:
Verified
Correct Answer:
Verified
Q68: A security engineer received an Amazon GuardDuty
Q69: A company uses identity federation to authenticate
Q70: A Security Engineer manages AWS Organizations for
Q71: The Development team receives an error message
Q72: A company has a VPC with several
Q74: A security team is responsible for reviewing
Q75: The Security Engineer is managing a traditional
Q76: A company's Developers plan to migrate their
Q77: Auditors for a health care company have
Q78: An organization is using AWS CloudTrail, Amazon