Which option below will meet the needs for your NOC members?

Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as
needed. Members of your Network Operations Center need to be able to go to the AWS Management Console
and administer Amazon EC2 instances as necessary. You don’t want to create new IAM users for each NOC
member and make those users sign in again to the AWS Management Console. Which option below will meet
the needs for your NOC members?

A.
Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to
the AWS Management Console.

B.
Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members
to sign in to the AWS Management Console.

C.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated
access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.

D.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to retrieve temporary security credentials
to enable NOC members to sign in to the AWS Management Console.




KwagongMakisig

Answer is D

Srinivasu Muchcherla

C is the correct answer

krish

D would be right if we want to do things programmatically. Since the question is all about the console, it should be “C”.

Kevin Wong

Should be C – ‘temporary security credentials’ are not obtained from the IDP directly (not D). They are obtained in step 5 in the diagram in this link: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html

5. The endpoint requests temporary security credentials on behalf of the user and creates a console sign-in URL that uses those credentials.

So, the wording of answer C is better to describe the correct situation.