
Answer-first summary for fast verification
Answer: Set up an AWS Organizations entity. Activate AWS Control Tower. Review and adjust included controls (guardrails) for SCPs. Assess AWS Config for necessary enhancements. Organize accounts into appropriate OUs. Integrate AWS IAM Identity Center (AWS Single Sign-On) with the on-premises AD FS server.
The correct answer is B. AWS Control Tower dramatically reduces operational overhead by automating the creation of a well-architected, multi-account environment using best-practice blueprints. It also allows for flexibility with organizational units (OUs) and integrates seamlessly with AWS IAM Identity Center (AWS Single Sign-On), which is recommended for workforce authentication. By connecting AWS IAM Identity Center to the on-premises AD FS server, the company can maintain existing authentication processes without extensive manual setup. This solution ensures compliance, consistent security, and management across all account environments while minimizing operational complexity.
Author: LeetQuiz Editorial Team
A company is transitioning its infrastructure to AWS Cloud and must adhere to diverse regulatory standards across various projects. They require a multi-account setup. A solutions architect is tasked with establishing the foundational infrastructure. The solution should ensure uniform management and security baselines, yet accommodate varying compliance needs within multiple AWS accounts. Additionally, it must integrate with the existing on-premises Active Directory Federation Services (AD FS) server. What approach minimizes operational overhead while fulfilling these requirements?
A
Establish an AWS Organizations entity. Implement a single Service Control Policy (SCP) for least privilege access across all accounts. Organize all accounts under a single Organizational Unit (OU). Set up an IAM identity provider for federation with the on-premises AD FS server. Configure a central logging account to receive log events from log-generating services. Activate AWS Config in the central account with conformance packs for all accounts.
B
Set up an AWS Organizations entity. Activate AWS Control Tower. Review and adjust included controls (guardrails) for SCPs. Assess AWS Config for necessary enhancements. Organize accounts into appropriate OUs. Integrate AWS IAM Identity Center (AWS Single Sign-On) with the on-premises AD FS server.
C
Create an AWS Organizations entity. Define SCPs for least privilege access. Structure OUs to categorize AWS accounts. Link AWS IAM Identity Center (AWS Single Sign-On) with the on-premises AD FS server. Establish a central logging account for log event collection. Enable AWS Config in the central account with aggregators and conformance packs.
D
Form an AWS Organizations entity. Activate AWS Control Tower. Evaluate and modify included controls (guardrails) for SCPs. Review AWS Config for necessary updates. Configure an IAM identity provider for federation with the on-premises AD FS server.