Multiple Choice
The CISO of a large enterprise with multiple IT departments, each with its own AWS account, wants one central place where AWS permissions for users can be managed and users authentication credentials can be synchronized with the company's existing on-premises solution. Which solution will meet the CISO's requirements?
A) Define AWS IAM roles based on the functional responsibilities of the users in a central account. Create a SAML-based identity management provider. Map users in the on-premises groups to IAM roles. Establish trust relationships between the other accounts and the central account.
B) Deploy a common set of AWS IAM users, groups, roles, and policies in all of the AWS accounts using AWS Organizations. Implement federation between the on-premises identity provider and the AWS accounts.
C) Use AWS Organizations in a centralized account to define service control policies (SCPs) . Create a SAML-based identity management provider in each account and map users in the on-premises groups to AWS IAM roles.
D) Perform a thorough analysis of the user base and create AWS IAM users accounts that have the necessary permissions. Set up a process to provision and deprovision accounts based on data in the on-premises solution.
Correct Answer:
Verified
Correct Answer:
Verified
Q697: You are designing Internet connectivity for your
Q698: A company has a data lake in
Q699: A company has a web application that
Q700: Does Amazon RDS API provide actions to
Q701: A company has a 24 TB MySQL
Q703: A retail company processes point-of-sale data on
Q704: In CloudFormation, you cannot create an Amazon
Q705: A company has an application that sells
Q706: In the context of AWS CloudFormation, which
Q707: You are designing an intrusion detection prevention