Multiple Choice
A company has a multi-account AWS environment that includes the following: A central identity account that contains all IAM users and groups Several member accounts that contain IAM roles A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts. How should the SysOps administrator accomplish this task?
A) In the member account, add sts:AssumeRole permissions to the role's policy. In the identity account, add a trust policy to the group that specifies the account number of the member account.
B) In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions.
C) In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions.
D) In the member account, add the group Amazon Resource Name (ARN) to the role's inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.
Correct Answer:
Verified
Correct Answer:
Verified
Q531: What does Amazon RDS stand for?<br>A) Amazon
Q532: A company is using AWS Organizations to
Q533: As part of an operational audit, an
Q534: After a particularly high AWS bill, an
Q535: A SysOps Administrator is receiving alerts related
Q537: An instance has enabled basic monitoring only
Q538: In AWS Identity and Access Management (IAM),
Q539: A custom network ACL that you create
Q540: A company website hosts patches for software
Q541: InfoSec is concerned that an employee may