
Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 264 discussion

A security engineer is implementing authentication for a multi-account environment by using federated access with SAML 2.0. The security engineer has configured AWS IAM Identity Center as an identity provider (IdP). The security engineer also has created IAM roles to grant access to the AWS accounts.

A federated user reports an authentication failure when the user attempts to authenticate with the new system.

What should the security engineer do to troubleshoot this issue in the MOST operationally efficient way?

  • A. Review the SAML IdP logs to identify errors. Check AWS CloudTrail to verify the API calls that the user made.
  • B. Review the SAML IdP logs to identify errors. Use the IAM policy simulator to validate access to the IAM roles.
  • C. Use IAM access advisor to review recent service access. Use the IAM policy simulator to validate access to the IAM roles.
  • D. Recreate the SAML IdP in a separate account to confirm the behavior that the user is experiencing.
Suggested Answer: A

Comments

layrnyh
2 months ago
Selected Answer: A
A. For this scenario, reviewing CloudTrail is the most efficient approach, as you can verify whether the SAML assertion was successfully processed.
upvoted 1 times
Selected Answer: A
When troubleshooting authentication failures in a federated SAML 2.0 authentication setup with AWS IAM Identity Center, you need to check two key areas:
  • SAML IdP logs (Identity Provider logs): this helps identify issues related to SAML assertions, incorrect attributes, or user authentication failures before reaching AWS.
  • AWS CloudTrail logs: this helps verify whether the authentication request reached AWS, if it was processed correctly, and if any errors occurred at the IAM role level.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other