Exam SOA-C02
Question 350

A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company’s security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.

Which solution will meet these requirements in the MOST secure manner?

    Correct Answer: D

    The most secure way to allow the security administrator to review the VPC configuration of developer AWS accounts is by creating an IAM policy in each developer account that provides read-only access to VPC resources and assigning this policy to a cross-account IAM role. The security administrator can then assume this role from their own account. This method ensures the principle of least privilege by granting only the necessary permissions and avoids the security risks associated with sharing user credentials.
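The three pieces the explanation describes (a read-only VPC policy in the developer account, a cross-account role that carries it, and the administrator assuming that role) can be written down and checked before they are deployed. The following is an added example, not part of the exam page or of any AWS documentation: it builds the two policy documents, lints them for the least-privilege properties the explanation relies on (only the security account may assume the role, only read-only EC2 actions are granted) and produces the `sts assume-role` invocation the administrator would run. The account ids, role name and the exact list of `Describe*` actions are placeholders chosen for the example.

```python
"""Cross-account read-only VPC review role: policy documents plus a
least-privilege lint. Added example; account ids and role name are placeholders."""
import json

SECURITY_ACCOUNT_ID = "111111111111"   # placeholder: security administrator's account
ROLE_NAME = "VpcReadOnlyReviewRole"    # hypothetical role name, created in each developer account

# Read-only actions sufficient to review a VPC's configuration (constructed list).
VPC_READ_ACTIONS = [
    "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeRouteTables",
    "ec2:DescribeInternetGateways", "ec2:DescribeNatGateways",
    "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkAcls",
    "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcEndpoints",
    "ec2:DescribeFlowLogs",
]
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def trust_policy(security_account_id: str) -> dict:
    """Trust policy installed on the role in each developer account: only
    principals from the security account may assume it, and only with MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{security_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }


def permissions_policy() -> dict:
    """Permissions policy attached to the role: read-only VPC actions, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": VPC_READ_ACTIONS, "Resource": "*"}],
    }


def lint_role(trust: dict, perms: dict, security_account_id: str) -> list:
    """Return findings that would make the role broader than a read-only review
    role should be. An empty list means the pair of documents passes."""
    findings = []
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append("trust policy allows any principal")
            aws_principals = []
        else:
            aws_principals = principal.get("AWS", [])
            if isinstance(aws_principals, str):
                aws_principals = [aws_principals]
        for p in aws_principals:
            if p == "*":
                findings.append("trust policy allows any principal")
            elif not (p == security_account_id
                      or p.startswith(f"arn:aws:iam::{security_account_id}:")):
                findings.append(f"trust policy allows unexpected principal {p}")
        if "Condition" not in stmt:
            findings.append("trust policy has no Condition (e.g. MFA or ExternalId)")
    for stmt in perms["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            _service, _, verb = action.partition(":")
            # A bare "*" or "service:*" or any mutating verb is not read-only.
            if action == "*" or verb == "*" or not verb.startswith(READ_ONLY_PREFIXES):
                findings.append(f"action {action} is not read-only")
    return findings


def assume_role_command(developer_account_id: str, role_name: str = ROLE_NAME) -> str:
    """The CLI call the security administrator runs from their own account;
    the developer account id and session name are placeholders."""
    role_arn = f"arn:aws:iam::{developer_account_id}:role/{role_name}"
    return (f"aws sts assume-role --role-arn {role_arn} "
            f"--role-session-name vpc-review")


if __name__ == "__main__":
    trust, perms = trust_policy(SECURITY_ACCOUNT_ID), permissions_policy()
    print(json.dumps(trust, indent=2))
    print(json.dumps(perms, indent=2))
    print("lint findings:", lint_role(trust, perms, SECURITY_ACCOUNT_ID))
    print(assume_role_command("222222222222"))  # placeholder developer account
```

The lint is deliberately strict: a statement granting `ec2:*`, an unknown account in the trust policy, or a missing `Condition` each produces a finding, which is the difference between option D as described and a role that merely looks read-only.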

Discussion
[Removed]

The most secure way for the security administrator to review the VPC configuration of developer AWS accounts would be to create an IAM policy in each developer account that has read-only access related to VPC resources and assign the policy to a cross-account IAM role. The security administrator can then assume the role from their own account to review the VPC configuration. This approach avoids sharing user credentials and provides the security administrator with the necessary permissions to review the VPC configuration without granting unnecessary access. So, the correct answer would be D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

LudiVoss (Option: D)

D because I am D best admin in the world right now.

seifskl (Option: D)

The most secure way to provide access between AWS accounts is by using IAM roles with cross-account access. And also, the security administrator only needs read-only access to review the VPC configuration.

[Removed] (Option: D)

When you set permissions with IAM policies, grant only the permissions required to perform a task. You do this by defining the actions that can be taken on specific resources under specific conditions, also known as least-privilege permissions. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Christina666 (Option: D)

d..........

james2033 (Option: D)

read-only --> A, D. Assign policy to an IAM user --> remove A. Choose D.

james2033 (Option: D)

A, D --> read-only access. D: cross-account IAM role --> Choose D.

tex23 (Option: C)

Answer C; a dev account with read-only access to VPC is ok whereas a dev account with admin access to VPC requires review.

guau

D, AWS = AlWays aSume the role

Pete987 (Option: D)

D is the answer

kevino81 (Option: D)

The security administrator has their own AWS account, so you should use a cross-account role with read-only access to follow the least-privilege principle.