Q56 — AWS SOA-C02 Ch.1

Question 56 of 100 | ← Chapter 1

A company's SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory. The SysOps administrator creates a new account that all the company's users need to access. The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group. When users try to log in, their access is denied. Which action will resolve this access issue?

Correct Answer: D. Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

Explanation

AWS IAM Identity Center (AWS Single Sign-On) 需要正确读取 Active Directory 中的组信息才能同步用户成员资格。题中用户访问被拒绝的原因是 IAM Identity Center 无法获取 Active Directory 组的成员关系。根据 AWS 文档,若 IAM Identity Center 未配置适当的读取权限,将无法识别组内用户。选项 D 指出修复权限问题,确保 IAM Identity Center 对 Active Directory 组具备读取权限,从而正确同步用户数据。选项 A、B、C 均未涉及权限配置的核心问题。