Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SAA-C03 Topic 1 Question 53 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 53
Topic #: 1
[All SAA-C03 Questions]

A company manages AWS accounts in AWS Organizations. AWS 1AM Identity Center (AWS Single Sign-On) and AWS Control Tower are configured for the accounts. The company wants to manage multiple user permissions across all the accounts.

The permissions will be used by multiple 1AM users and must be split between the developer and administrator teams. Each team requires different permissions. The company wants a solution that includes new users that are hired on both teams.

Which solution will meet these requirements with the LEAST operational overhead?

Show Suggested Answer Hide Answer
Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


by Ruthann at Jan 10, 2025, 08:35 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kathrine
1 months ago
Option C is the clear winner here. It's like the AWS Permissions Lego set - just snap the pieces together and you're good to go!
upvoted 0 times
...
Vallie
1 months ago
I'm a bit of a permissions nerd, so Option C is right up my alley. The ability to create custom permission sets is a game-changer.
upvoted 0 times
...
Twanna
1 months ago
Option B looks good, but it might be a bit more manual to manage individual user permissions. C seems to strike the right balance between flexibility and ease of use.
upvoted 0 times
Tran
5 days ago
Option C seems to strike the right balance between flexibility and ease of use.
upvoted 0 times
...
Theresia
17 days ago
Option B might require more manual management of individual user permissions.
upvoted 0 times
...
...
Novella
1 months ago
I agree, Option C is the way to go. It provides a scalable solution for managing permissions as the company grows and hires new developers and administrators.
upvoted 0 times
Antonio
13 days ago
Option C: Use AWS Organizations to create two organizational units (OUs) for the developer and administrator teams. Use AWS Single Sign-On to assign the appropriate permissions to each OU.
upvoted 0 times
...
Chana
23 days ago
Option B: Use AWS Single Sign-On to create two groups for the developer and administrator teams. Assign the appropriate permissions to each group.
upvoted 0 times
...
Sherman
1 months ago
Option A: Use AWS Control Tower to create two organizational units (OUs) for the developer and administrator teams. Assign the appropriate permissions to each OU.
upvoted 0 times
...
...
Janet
2 months ago
I'm not sure, I think option C could also work well by creating new groups and permission sets for each team. It might be worth considering as well.
upvoted 0 times
...
Marjory
2 months ago
I agree with Callie. Option A seems to have the least operational overhead and provides fine-grained permissions for each team.
upvoted 0 times
...
Virgie
2 months ago
Option C seems like the most efficient solution. Creating separate groups and permission sets in IAM Identity Center makes it easy to manage user permissions across multiple accounts.
upvoted 0 times
Iraida
21 days ago
Exactly, the goal is to streamline the process and minimize the effort required to manage user permissions across all accounts.
upvoted 0 times
...
Ty
1 months ago
It's important to have a solution that can scale with new hires on both teams without adding too much operational overhead.
upvoted 0 times
...
Levi
2 months ago
I agree, having separate groups and permission sets will make it easier to assign and update permissions as needed.
upvoted 0 times
...
Emiko
2 months ago
Option C is definitely the way to go. It simplifies managing permissions for both developer and administrator teams.
upvoted 0 times
...
...
Callie
2 months ago
I think option A is the best solution because it allows us to create separate groups for developers and administrators with custom policies.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77