A security engineer is working for a parent company that provides hosting and services to client companies. The parent company maintains an organization in AWS Organizations for all client company accounts. The parent company adds any new accounts to the organization when the new accounts are created. The parent company currently uses IAM users to administer the client company accounts. As more client accounts are added, the administration of the IAM accounts takes more time.
The security engineer must design a solution to reduce the amount of time that the parent company spends on administration and access provisioning for client accounts.
Which combination of steps should the security engineer take to meet these requirements? (Choose two.)

A. Provision an external identity provider (IdP) for the parent company. Implement AWS Single Sign-On (AWS SSO) with the IdP as the identity source for AWS SSO.

B. Provision an external identity provider (IdP) for each client company. Implement AWS Single Sign-On (AWS SSO) with the IdPs as the identity source for AWS SSO.

C. Provision an external identity provider (IdP) for the parent company. Implement AWS Single Sign-On (AWS SSO) with employee IAM roles as the identity source for AWS SSO.

D. In the AWS Single Sign-On console, select the users who require access to client accounts. Assign these users to the accounts.

E. In the IAM console, select the users who require access to client accounts. Assign these users to the accounts.






 

Suggested Answer: CD

Community Answer: AD




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.