SAA-C03 Question #419: Real Exam Question with Answer & Explanation
The correct answer is B: Configure a delegated administrator account for IAM Access Analyzer in the AWS Control Tower.
Question
A company is using AWS Identity and Access Management (IAM) Access Analyzer to refine IAM permissions for employee users. The company uses an organization in AWS Organizations and AWS Control Tower to manage its AWS accounts. The company has designated a specific member account as an audit account. A solutions architect needs to set up IAM Access Analyzer to aggregate findings from all member accounts in the audit account. What is the first step the solutions architect should take?
Options
- A. Use AWS CloudTrail to configure one trail for all accounts. Create an Amazon S3 bucket in the
- B. Configure a delegated administrator account for IAM Access Analyzer in the AWS Control Tower
- C. Create an Amazon S3 bucket in the audit account. Generate a new permissions policy, and add a
- D. Add a new trust policy that includes permissions to allow IAM Access Analyzer to perform
Explanation
The first step is to configure a delegated administrator account for IAM Access Analyzer at the organization level. Only after delegating the administrator account can you aggregate Access Analyzer findings from all member accounts into a designated audit account. This must be set up in the AWS Organizations management account.