Your company has recently extended its datacenter into a VPC on AVVS to add burst computing capacity as
needed Members of your Network Operations Center need to be able to go to the AWS Management Console
and administer Amazon EC2 instances as necessary You don’t want to create new IAM users for each NOC
member and make those users sign in again to the AWS Management Console Which option below will meet
the needs for your NOC members?
A.
Use OAuth 2 0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to
the AVVS Management Console.
B.
Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members
to sign in to the AWS Management Console.
C.
Use your on-premises SAML 2 O-compliant identity provider (IDP) to grant the NOC members federated
access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
D.
Use your on-premises SAML2.0-compliam identity provider (IDP) to retrieve temporary security credentials
to enable NOC members to sign in to the AWS Management Console.
c
Answer is D
I take it back, it is actually C
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
C is the correct answer
c
D would be right, if we want to do things programatically. Since the question is all about console, it should be “C”
Should be C – ‘temporary security credentials’ are not obtained from the IDP directly (not D). It is obtained in step 5 in the diagram in this link : http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
5. The endpoint requests temporary security credentials on behalf of the user and creates a console sign-in URL that uses those credentials.
So, the wording of answer C is better to describe the correct situation.