Topic 1 Question 624
A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWS resources while preserving access to the on-premises resources.
What should the solutions architect do to meet these requirements?
A. Create an IAM user for each user in the company. Attach the appropriate policies to each user.
B. Use Amazon Cognito with an Active Directory user pool. Create roles with the appropriate policies attached.
C. Define cross-account roles with the appropriate policies attached. Map the roles to the Active Directory groups.
D. Configure Security Assertion Markup Language (SAML) 2.0-based federation. Create roles with the appropriate policies attached. Map the roles to the Active Directory groups.
Comments (7)
- Selected answer: D
Use Amazon Cognito via SAML integration. (SAML) is an open federation standard that allows an identity provider (for this case on-prem AD) to authenticate users and pass identity and security information about them to a service provider (for this case AWS).
I will settle for D, because this is definitely required for this to work.
👍 3 TariqKipkemei 2023/11/29
- Selected answer: D
D.
An Amazon Cognito user pool is a user directory for WEB and MOBILE app authentication and authorization. So it is not the best option for corporate users.
👍 2 NickGordon 2023/11/09
- Selected answer: D
Though you can federate Cognito with Active Directory, Cognito is for providing access to your own applications, NOT to AWS Resources.
👍 2 pentium75 2024/01/02