Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 200 discussion

A solutions architect has implemented a SAML 2.0 federated identity solution with their company's on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.

Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)

  • A. The IAM user's permissions policy has allowed the use of SAML federation for that user.
  • B. The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal.
  • B. Test users are not in the AWSFederatedUsers group in the company's IdP.
  • C. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP.
  • D. The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs.
  • E. The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
Suggested Answer: BCE
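
An added example, not part of the original question page, of two checks the options describe: that the role's trust policy names the SAML provider as the federated principal for `sts:AssumeRoleWithSAML`, and that the IdP's assertion carries a Role attribute mapping the user to that role. The ARNs, policy and assertions are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
PROVIDER = "arn:aws:iam::111122223333:saml-provider/CorpIdP"  # constructed sample
ROLE = "arn:aws:iam::111122223333:role/FederatedDev"          # constructed sample
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",  # constructed
    "Principal": {"Federated": PROVIDER}, "Action": "sts:AssumeRoleWithSAML"}]}

def sample_assertion(*role_values):  # builds a constructed, unsigned assertion body
    vals = "".join("<s:AttributeValue>%s</s:AttributeValue>" % v for v in role_values)
    return ('<s:Assertion xmlns:s="%s"><s:AttributeStatement><s:Attribute Name="%s">%s'
            '</s:Attribute></s:AttributeStatement></s:Assertion>' % (NS[1:-1], ROLE_ATTR, vals))
ARCHITECT = sample_assertion(ROLE + "," + PROVIDER)  # mapped to the role by the IdP
TEST_USER = sample_assertion()                        # IdP sent no role mapping

def as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def trust_policy_allows_saml(policy, provider_arn):
    """True if an Allow statement names provider_arn for sts:AssumeRoleWithSAML."""
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        fed = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and provider_arn in fed
                and "sts:AssumeRoleWithSAML" in as_list(stmt.get("Action"))):
            return True
    return False

def roles_in_assertion(assertion_xml):
    """Return the (role_arn, provider_arn) pairs carried in the Role attribute."""
    root = ET.fromstring(assertion_xml)  # for untrusted XML, parse with defusedxml instead
    pairs = set()
    attrs = [a for a in root.iter(NS + "Attribute") if a.get("Name") == ROLE_ATTR]
    for val in (v for a in attrs for v in a.iter(NS + "AttributeValue")):
        arns = [a.strip() for a in (val.text or "").split(",")]
        role = next((a for a in arns if ":role/" in a), None)
        prov = next((a for a in arns if ":saml-provider/" in a), None)
        if role and prov:  # match by ARN type rather than by position
            pairs.add((role, prov))
    return pairs

def federation_problems(assertion_xml, policy, role_arn, provider_arn):
    """List which of the two checks fail for one user's assertion."""
    problems = []
    if not trust_policy_allows_saml(policy, provider_arn):
        problems.append("trust policy does not name the SAML provider as principal")
    if (role_arn, provider_arn) not in roles_in_assertion(assertion_xml):
        problems.append("assertion does not map this user to the role")
    return problems
```

Running `federation_problems` on the two sample assertions reproduces the scenario: the architect's assertion passes both checks, while the test user's fails only the mapping check.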

Comments

Rajivjain
Highly Voted 1 year, 5 months ago
Kindly correct the Answers' sequence. A to F
upvoted 24 times
Rajivjain
1 year, 5 months ago
Ref: BDF https://www.examtopics.com/discussions/amazon/view/36355-exam-aws-certified-solutions-architect-professional-topic-1/
upvoted 3 times
...
...
andreitugui
Highly Voted 1 year, 5 months ago
B) The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal. D) The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP. F) The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
upvoted 21 times
...
sarlos
Most Recent 5 months, 3 weeks ago
B1,C,E
upvoted 6 times
...
37b2ab7
11 months, 1 week ago
Selected Answer: BCE
For sure - BCE
upvoted 3 times
...
severlight
11 months, 2 weeks ago
Selected Answer: BCE
B1, C, E
upvoted 3 times
...
dkcloudguru
1 year, 1 month ago
BDF is correct
upvoted 1 times
...
CloudHandsOn
1 year, 2 months ago
Selected Answer: BCE
B,C, & E was my first choice
upvoted 2 times
...
Gmail78
1 year, 2 months ago
C - STS AssumeRoleWithSAML; B1 - Define trust policy for IAM assumed by the principal; E - SAML Assertion
upvoted 3 times
...
SK_Tyagi
1 year, 2 months ago
Selected Answer: BD
BDF is correct
upvoted 1 times
...
anttan
1 year, 2 months ago
Should be BEF, right? D. The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP. This is already being done by the federated identity web portal. So E) The on-premises IdP's DNS hostname is reachable from the AWS environment VPCs. The on-premises IdP's DNS hostname must be reachable from the AWS environment VPCs. This is because the AWS STS AssumeRoleWithSAML API will need to be able to resolve the DNS hostname of the IdP in order to retrieve the SAML assertion.
upvoted 2 times
...
breadops
1 year, 3 months ago
Selected Answer: B
BDF is the right answer
upvoted 2 times
...
ggrodskiy
1 year, 3 months ago
Correct BCE.
upvoted 1 times
...
Just_Ninja
1 year, 3 months ago
Selected Answer: BD
Admin, the order from the question is not right. Answer is BDF!
upvoted 1 times
...
NikkyDicky
1 year, 3 months ago
Selected Answer: BCE
B (the 1st B, as there are two in this version of question) CE
upvoted 2 times
...
easytoo
1 year, 4 months ago
it's B-D-F Jeff.
upvoted 2 times
...
Roontha
1 year, 5 months ago
Answer : B, C, E
upvoted 2 times
Roontha
1 year, 5 months ago
Sorry...it is BDF https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
upvoted 4 times
...
...