SAP-C02 Question 261
Question
A company has many separate AWS accounts and uses no central billing or management. Each AWS account hosts services for different departments in the company. The company has a Microsoft Azure Active Directory that is deployed. A solutions architect needs to centralize billing and management of the company’s AWS accounts. The company wants to start using identity federation instead of manual user management. The company also wants to use temporary credentials instead of long-lived access keys. Which combination of steps will meet these requirements? (Choose three.)
Options
A. Create a new AWS account to serve as a management account. Deploy an organization in AWS Organizations. Invite each existing AWS account to join the organization. Ensure that each account accepts the invitation.
B. Configure each AWS account's email address to be aws+ @example.com so that account management email messages and invoices are sent to the same place.
C. Deploy AWS IAM Identity Center (AWS Single Sign-On) in the management account. Connect IAM Identity Center to the Azure Active Directory. Configure IAM Identity Center for automatic synchronization of users and groups.
D. Deploy an AWS Managed Microsoft AD directory in the management account. Share the directory with all other accounts in the organization by using AWS Resource Access Manager (AWS RAM).
E. Create AWS IAM Identity Center (AWS Single Sign-On) permission sets. Attach the permission sets to the appropriate IAM Identity Center groups and AWS accounts.
F. Configure AWS Identity and Access Management (IAM) in each AWS account to use AWS Managed Microsoft AD for authentication and authorization.
Answer
ACE
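Explanation
Correct answer: ACE
Explanation: The answer to this question is ACE.
Correct options:
A. Create a new AWS account to serve as a management account. Deploy an organization in AWS Organizations. Invite each existing AWS account to join the organization. Ensure that each account accepts the invitation.
C. Deploy AWS IAM Identity Center (AWS Single Sign-On) in the management account. Connect IAM Identity Center to the Azure Active Directory. Configure IAM Identity...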