Topic 1 Question 437
A company's SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory. The SysOps administrator creates a new account that all the company's users need to access.
The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group. When users try to log in, their access is denied.
Which action will resolve this access issue?
A. Create a new group. Add users to the new group to provide access.
B. Correct the time on the Active Directory domain controllers.
C. Remove the account. Re-add the account to the organization that is integrated with IAM Identity Center.
D. Correct the permissions on the Active Directory group so that IAM Identity Center has read access.
User votes
Comments (2)
- Selected answer: D
You need to give IAM Identity Center access to read the AD group so it can logically identify users who are members and grant them access to the new account.
👍 3 tgv 2024/10/15
- Selected answer: A
AWS IAM Identity Center (AWS SSO) integrates with Active Directory (AD) to grant users access to AWS accounts and applications. However, not all AD groups are automatically recognized by IAM Identity Center for permissions management. IAM Identity Center already has read access to AD for user and group information as part of the integration. The problem lies with using the default Domain Users group, not with permissions.
👍 1 numark 2025/01/10