SCS-C02 Question #28: Real Exam Question with Answer & Explanation
Question
A company uses a third-party identity provider and SAML-based SSO for its AWS accounts. After the third-party identity provider renewed an expired signing certificate, users saw the following message when trying to log in:

Error: Response Signature Invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken)

A security engineer needs to provide a solution that corrects the error and minimizes operational overhead. Which solution meets these requirements?
Options
- A. Upload the third-party signing certificate's new private key to the AWS identity provider entity
- B. Sign the identity provider's metadata file with the new public key. Upload the signature to the
- C. Download the updated SAML metadata file from the identity service provider. Update the file in
- D. Configure the AWS identity provider entity defined in AWS Identity and Access Management