A company has a multi-account AWS environment that includes the following: A central identity account that contains all IAM users and groups Several member accounts that contain IAM roles A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts. How should the SysOps administrator accomplish this task?
A) In the member account, add sts:AssumeRole permissions to the role's policy. In the identity account, add a trust policy to the group that specifies the account number of the member account.
B) In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions.
C) In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions.
D) In the member account, add the group Amazon Resource Name (ARN) to the role's inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.
Correct Answer:
Verified
Q459: A company has deployed its infrastructure using
Q460: A SysOps Administrator has implemented a VPC
Q461: A company has an AWS account for
Q462: A company in a highly regulated industry
Q463: A company is managing a website with
Q465: A company recently migrated from a third-party
Q466: A SysOps Administrator needs to control access
Q467: A sysops administrator set up an Amazon
Q468: A company is using an Amazon ElastiCache
Q469: A company's finance department wants to receive
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents