Question 358 - CLF-C01 discussion


A company is using on-premises Microsoft Active Directory federation to manage user identities and groups.

What AWS Identity and Access Management (IAM) setting maps the permissions for AWS services to the Active Directory user attributes?

A. IAM users
B. IAM access keys
C. IAM roles
D. IAM groups
Suggested answer: C

Explanation:

How to Connect Your On-Premises Active Directory to AWS Using AD Connector

Assign users to roles

Now that AD Connector is configured and you've created a role, your next job is to assign users or groups to those IAM roles. Role mapping is what governs what resources a user has access to within AWS. To do this you'll need to:

Open the Directory Service console, and click the link to Manage Access.

Click Create New Role.

Click Use Existing Role. Note: If you’ve already assigned Active Directory users or groups to a role, you will be able to modify their membership by clicking the link for the role in the Directory Service console.

Select a role from the list, and then click Next Step.

Type the name of an Active Directory user or group in the search field.

Click Next Step.

Click Create Role Assignments.

When you're finished you should see the name of the user or group along with the corresponding Id for that object, as shown in the previous image.

The next time the user signs in to the AWS Management Console from the custom sign-in page, they will be signed in under the EC2ReadOnly security role.

Seamlessly join an instance to an Active Directory domain

Another advantage to using AD Connector is the ability to seamlessly join Windows (EC2) instances to your Active Directory domain. You may have read about this feature in the AWS Blog earlier this year. It's what allows you to join a Windows Server to the domain while the instance is being provisioned instead of using a script or doing it manually. This section of this blog post will explain the steps necessary to enable this feature in your environment and how the service works.

Step 1: Create a role

Until recently, you had to manually create an IAM policy to allow an EC2 instance to access SSM, an AWS service that lets you configure Windows instances while they're running and on first launch. Now there's a managed policy called AmazonEC2RoleforSSM that you can use instead. The role you are about to create will be assigned to an EC2 instance when it's provisioned, granting it permission to access the SSM service.

To create the role:

Open the IAM console.

Click Roles in the navigation pane.

Click Create Role.

Type a name for your role in the Role Name field.

Under AWS Service Roles, select Amazon EC2 and then click Select.

On the Attach Policy page, select AmazonEC2RoleforSSM and then click Next Step.

On the Review page, click Create Role.
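Step 1 above is done in the console. As an added example (not code from the page or from the AWS blog it quotes), the block below builds the trust policy that choosing Amazon EC2 under AWS Service Roles produces, and checks an existing role's trust policy before AmazonEC2RoleforSSM is attached to it, so that only the EC2 service principal, and not a wildcard or account principal, can assume the role. The sample policy documents are constructed for illustration.

```python
# Added example, not code from the page or from the AWS blog it quotes.
EC2_SERVICE_PRINCIPAL = "ec2.amazonaws.com"
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}


def _as_list(value):
    """IAM accepts a scalar or a list in most policy fields; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def ec2_instance_role_trust_policy() -> dict:
    """Trust policy equivalent to choosing 'Amazon EC2' under AWS Service Roles."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": EC2_SERVICE_PRINCIPAL},
            "Action": "sts:AssumeRole",
        }],
    }


def trust_policy_problems(doc: dict) -> list:
    """Reasons a trust policy is unsafe for an instance role carrying SSM rights:
    only the EC2 service principal should be able to assume it, otherwise another
    identity can borrow the instance's permissions."""
    problems = []
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not {a.lower() for a in _as_list(stmt.get("Action"))} & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            problems.append("wildcard principal can assume the role")
            continue
        for who in _as_list(principal.get("AWS")):
            problems.append(f"non-service principal can assume the role: {who}")
        for svc in _as_list(principal.get("Service")):
            if svc != EC2_SERVICE_PRINCIPAL:
                problems.append(f"unexpected service principal: {svc}")
    return problems


# Constructed sample: an over-broad trust policy the check should reject.
BAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Principal": {"AWS": "*"},
                  "Action": "sts:AssumeRole"},
}
```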

asked 16/09/2024
Pieter Meiring