Amazon SAA-C03 Exam - Topic 1 Question 53 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 53
Topic #: 1

A company manages AWS accounts in AWS Organizations. AWS 1AM Identity Center (AWS Single Sign-On) and AWS Control Tower are configured for the accounts. The company wants to manage multiple user permissions across all the accounts.

The permissions will be used by multiple 1AM users and must be split between the developer and administrator teams. Each team requires different permissions. The company wants a solution that includes new users that are hired on both teams.

Which solution will meet these requirements with the LEAST operational overhead?

ACreate individual users in 1AM Identity Center (or each account. Create separate developer and administrator groups in 1AM Identity Center. Assign the users to the appropriate groups Create a custom 1AM policy for each group to set fine-grained permissions.

BCreate individual users in 1AM Identity Center for each account. Create separate developer and administrator groups in 1AM Identity Center. Assign the users to the appropriate groups. Attach AWS managed 1AM policies to each user as needed for fine-grained permissions.

CCreate individual users in 1AM Identity Center Create new developer and administrator groups in 1AM Identity Center. Create new permission sets that include the appropriate 1AM policies for each group. Assign the new groups to the appropriate accounts Assign the new permission sets to the new groups When new users are hired, add them to the appropriate group.

DCreate individual users in 1AM Identity Center. Create new permission sets that include the appropriate 1AM policies for each user. Assign the users to the appropriate accounts. Grant additional 1AM permissions to the users from within specific accounts. When new users are hired, add them to 1AM Identity Center and assign them to the accounts.

Show Suggested Answer

Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html

by Ruthann at Jan 10, 2025, 08:35 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Delsie

3 months ago

Not sure if C will scale well with a growing team.

upvoted 0 times

...

Omer

3 months ago

Wait, why not just use managed policies for everything?

upvoted 0 times

...

Ruth

3 months ago

A is way too much overhead for new users.

upvoted 0 times

...

Luz

4 months ago

I disagree, D looks better for individual user control.

upvoted 0 times

...

Tuyet

4 months ago

Option C seems the most efficient for managing permissions.

upvoted 0 times

...

Cathern

4 months ago

I’m a bit confused about the differences between permission sets and managed policies. I think option B could work, but I'm not certain if it’s the most efficient choice.

upvoted 0 times

...

Tyra

4 months ago

I feel like option A might be too manual since it involves creating individual users in each account. That seems like a lot of work for new hires.

upvoted 0 times

...

Nickolas

4 months ago

I think option C sounds familiar; it seems like it aligns with what we practiced about grouping users and managing permissions effectively.

upvoted 0 times

...

Joni

5 months ago

I remember we discussed the importance of using permission sets in AWS SSO to simplify user management, but I'm not sure which option best minimizes overhead.

upvoted 0 times

...

Kandis

5 months ago

Whew, lots of details to unpack here. I'll need to carefully read through each option and think about the tradeoffs in terms of flexibility, scalability, and ease of management.

upvoted 0 times

...

Noemi

5 months ago

This seems like a classic AWS permissions management question. I'm pretty confident I can solve this by leveraging IAM Identity Center and the right combination of groups, permission sets, and account-level permissions.

upvoted 0 times

...

Sharita

5 months ago

Okay, I think I've got a strategy here. I'll focus on the requirement to minimize operational overhead. That means looking for a solution that makes it easy to onboard new users and manage permissions across accounts.

upvoted 0 times

...

Ernest

5 months ago

Hmm, I'm a bit confused by the different options. I need to make sure I understand the differences between creating groups vs. permission sets, and how that impacts managing new users.

upvoted 0 times

...

Francine

5 months ago

This looks like a pretty straightforward IAM Identity Center and AWS Organizations question. I think the key is to focus on how to manage permissions across multiple accounts efficiently.

upvoted 0 times

...

Kathrine

9 months ago

Option C is the clear winner here. It's like the AWS Permissions Lego set - just snap the pieces together and you're good to go!

upvoted 0 times

...

Vallie

10 months ago

I'm a bit of a permissions nerd, so Option C is right up my alley. The ability to create custom permission sets is a game-changer.

upvoted 0 times

...

Twanna

10 months ago

Option B looks good, but it might be a bit more manual to manage individual user permissions. C seems to strike the right balance between flexibility and ease of use.

upvoted 0 times

Tran

8 months ago

Option C seems to strike the right balance between flexibility and ease of use.

upvoted 0 times

...

Theresia

9 months ago

Option B might require more manual management of individual user permissions.

upvoted 0 times

...

Novella

10 months ago

I agree, Option C is the way to go. It provides a scalable solution for managing permissions as the company grows and hires new developers and administrators.

upvoted 0 times

Antonio

9 months ago

Option C: Use AWS Organizations to create two organizational units (OUs) for the developer and administrator teams. Use AWS Single Sign-On to assign the appropriate permissions to each OU.

upvoted 0 times

...

Chana

9 months ago

Option B: Use AWS Single Sign-On to create two groups for the developer and administrator teams. Assign the appropriate permissions to each group.

upvoted 0 times

...

Sherman

9 months ago

Option A: Use AWS Control Tower to create two organizational units (OUs) for the developer and administrator teams. Assign the appropriate permissions to each OU.

upvoted 0 times

...

Janet

10 months ago

I'm not sure, I think option C could also work well by creating new groups and permission sets for each team. It might be worth considering as well.

upvoted 0 times

...

Marjory

10 months ago

I agree with Callie. Option A seems to have the least operational overhead and provides fine-grained permissions for each team.

upvoted 0 times

...

Virgie

11 months ago

Option C seems like the most efficient solution. Creating separate groups and permission sets in IAM Identity Center makes it easy to manage user permissions across multiple accounts.

upvoted 0 times

Iraida

9 months ago

Exactly, the goal is to streamline the process and minimize the effort required to manage user permissions across all accounts.

upvoted 0 times

...

Ty

10 months ago

It's important to have a solution that can scale with new hires on both teams without adding too much operational overhead.

upvoted 0 times

...

Levi

10 months ago

I agree, having separate groups and permission sets will make it easier to assign and update permissions as needed.

upvoted 0 times

...

Emiko

10 months ago

Option C is definitely the way to go. It simplifies managing permissions for both developer and administrator teams.

upvoted 0 times

...

Callie

11 months ago

I think option A is the best solution because it allows us to create separate groups for developers and administrators with custom policies.

upvoted 0 times

...