Topic 1 Question 360
A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:
• Administrator: Provisions the EMR cluster for the analytics team based on the team’s requirements • Data engineer: Runs ETL scripts to process, transform, and enrich the datasets • Data analyst: Runs SQL and Hive queries on the data
A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create.
Which solution will meet these requirements?
Create IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.
Setup Kerberos-based authentication for EMR clusters upon launch. Specify a Kerberos security configuration along with cluster-specific Kerberos options.
Use AWS Service Catalog to control the Amazon EMR versions available for deployment, the cluster configuration, and the permissions for each user persona.
Launch the EMR cluster by using AWS CloudFormation, Attach resource-based policies to the EMR cluster during cluster creation. Create an AWS. Config rule to check for noncompliant clusters and noncompliant Amazon S3 buckets. Configure the rule to notify the administrator to remediate the noncompliant resources.
ユーザの投票
コメント(12)
- 正解だと思う選択肢: C
C is correct: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. This is ideal for controlling which Amazon EMR versions and cluster configurations are available to users. Specific cluster configurations and permissions can be set for each user persona, ensuring they have only the access they need. This meets the least privilege principle. The Service Catalog can be configured to allow users to launch only certain applications, ensuring adherence to company policies on approved and authorized software. It also supports resource tagging.
👍 3heatblur2023/11/25 - 正解だと思う選択肢: C
From GPT: AWS Service Catalog allows you to control and manage access to resources by defining portfolios and products with specific permissions. Allows you to create portfolios with approved and authorized applications, ensuring that only the specified applications are launched. AWS Service Catalog can enforce tagging on provisioned resources, ensuring that all resources created by the user personas are appropriately tagged.
👍 3shaaam802023/11/28 Answer A - The answers from Chat GPT are inaccurate and untrustable.
👍 3PouyaK2023/12/01
シャッフルモード