SCS-C02 · Question #9
SCS-C02 Question #9: Real Exam Question with Answer & Explanation
The correct answer is B: Update the trust policy on the role in the target account to be:. In IAM roles, use the Principal element in the role trust policy to specify who can assume the role. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
Question
A company uses identity federation to authenticate users into an identity account (987654321987) where the users assume an IAM role named IdentityRole. The users then assume an IAM role named JobFunctionRole in the target AWS account (123456789123) to perform their job functions. A user is unable to assume the IAM role in the target account. The policy attached to the role in the identity account is: What should be done to enable the user to assume the appropriate role in the target account?
Options
- AUpdate the IAM policy attached to the role in the identity account to be:
- BUpdate the trust policy on the role in the target account to be:
- CUpdate the trust policy on the role in the identity account to be:
- DUpdate the IAM policy attached to the role in the target account to be:
Explanation
In IAM roles, use the Principal element in the role trust policy to specify who can assume the role. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
Community Discussion
No community discussion yet for this question.