Your company has recently extended its datacenter into a VPC on AVVS to add burst computing capacity as
needed Members of your Network Operations Center need to be able to go to the AWS Management Console
and administer Amazon EC2 instances as necessary You don’t want to create new IAM users for each NOC
member and make those users sign in again to the AWS Management Console Which option below will meet
the needs for your NOC members?
A.
Use OAuth 2 0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to
the AWS Management Console.
B.
Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members
to sign in to the AWS Management Console.
C.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated
access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
D.
Use your on-premises SAML 2.0-compliam identity provider (IDP) to retrieve temporary security credentials
to enable NOC members to sign in to the AWS Management Console.
I think C
“Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.”
Answer is C, clue us Federated access via AWS SSO.
Answer is C, clue is Federated access via AWS SSO.
C also, same reasons.
D.
The answer key has been given by clicking the button Show Answer. Single sign-on still requires an IAM role created and to be “assumed” for each individual form NOC (if I am correct), it also produces management overhead when revoking access privileges as well. The appropriate solution is D, in this case. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
C