SCS-C02 · Question #69
SCS-C02 Question #69: Real Exam Question with Answer & Explanation
The correct answer is A: Provision an external identity provider (IdP) for the parent company. Implement AWS Single Sign-. https://aws.amazon.com/blogs/architecture/field-notes-integrating-a-multi-forest-source- environment-with-aws-sso/
Question
A security engineer is working for a parent company that provides hosting and services to client companies. The parent company maintains an organization in AWS Organizations for all client company accounts. The parent company adds any new accounts to the organization when the new accounts are created. The parent company currently uses IAM users to administer the client company accounts. As more client accounts are added, the administration of the IAM accounts takes more time. The security engineer must design a solution to reduce the amount of time that the parent company spends on administration and access provisioning for client accounts. Which combination of steps should the security engineer take to meet these requirements? (Choose two.)
Options
- AProvision an external identity provider (IdP) for the parent company. Implement AWS Single Sign-
- BProvision an external identity provider (IdP) for each client company. Implement AWS Single
- CProvision an external identity provider (IdP) for the parent company. Implement AWS Single Sign-
- DIn the AWS Single Sign-On console, select the users who require access to client accounts.
- EIn the IAM console, select the users who require access to client accounts. Assign these users to
Explanation
https://aws.amazon.com/blogs/architecture/field-notes-integrating-a-multi-forest-source- environment-with-aws-sso/
Community Discussion
No community discussion yet for this question.