Multiple Choice
An organization has two AWS accounts: Development and Production. A SysOps Administrator manages access of IAM users to both accounts. Some IAM users in Development should have access to certain resources in Production. How can this be accomplished?
A) Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
B) Create a group of IAM users in the Development account, and add Production account service ARNs as resources in the IAM policy.
C) Establish a federation between the two accounts using the on-premises Microsoft Active Directory, and allow the Development account to access the Production account through this federation.
D) Establish an Amazon Cognito Federated Identity between the two accounts, and allow the Development account to access the Production account through this federation.
Correct Answer:
Verified
Correct Answer:
Verified
Q465: A sys admin is planning to subscribe
Q466: A company developed and now runs a
Q467: A company's data retention policy dictates that
Q468: An organization has hired an external firm
Q469: An organization has applied the below mentioned
Q471: Is it possible to protect the connections
Q472: Which of the following steps are required
Q473: A SysOps Administrator has configured a CloudWatch
Q474: A user has granted read/write permission of
Q475: A company manages more than 1,000 Amazon