SAP-C02 Study Assistant

SAP-C02 Question 70

IAM Organizations Config

Question

A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company’s IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role. The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to access the console by using their existing Active Directory credentials. The solutions architect is using AWS IAM Identity Center (AWS Single Sign-On) to implement this functionality. Which solution will meet these requirements MOST cost-effectively?

Options

A. Create an organization in AWS Organizations. Turn on the IAM Identity Center feature in Organizations. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company’s on-premises Active Directory. Configure IAM Identity Center and set the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.

B. Create an organization in AWS Organizations. Turn on the IAM Identity Center feature in Organizations. Create and configure an AD Connector to connect to the company’s on-premises Active Directory. Configure IAM Identity Center and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company’s Active Directory.

C. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company’s on-premises Active Directory. Configure IAM Identity Center and select the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.

D. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure an AD Connector to connect to the company’s on-premises Active Directory. Configure IAM Identity Center and set the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company’s Active Directory.

Answer

D

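Explanation

Correct answer: D. Explanation: The answer to this question is D. Correct option: D. Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure an AD Connector to connect to the company’s on-premises Active Directory. Configure IAM Identity Center and set the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company’s Active Directory. Rationale: This option most directly satisfies the key constraints in the question. When working on SAP-C0...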
