Exam AWS Certified Security - Specialty topic 1 question 292 discussion


A company uses a third-party identity provider and SAML-based SSO for its AWS accounts. After the third-party identity provider renewed an expired signing certificate, users saw the following message when trying to log in:

A security engineer needs to provide a solution that corrects the error and minimizes operational overhead.
Which solution meets these requirements?

  • A. Upload the third-party signing certificate's new private key to the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS Management Console.
  • B. Sign the identity provider's metadata file with the new public key. Upload the signature to the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI.
  • C. Download the updated SAML metadata file from the identity service provider. Update the file in the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI.
  • D. Configure the AWS identity provider entity defined in AWS Identity and Access Management (IAM) to synchronously fetch the new public key by using the AWS Management Console.
Suggested Answer: C

Comments

khamrumunnu
Highly Voted 3 years, 6 months ago
Error: Response signature invalid (service: AWSSecurityTokenService; status code: 400; error code: InvalidIdentityToken)

This error can occur when federation metadata of the identity provider does not match the metadata of the IAM identity provider. For example, the metadata file for the identity service provider might have changed to update an expired certificate. Download the updated SAML metadata file from your identity service provider. Then update it in the AWS identity provider entity that you define in IAM with the aws iam update-saml-provider cross-platform CLI command or the Update-IAMSAMLProvider PowerShell cmdlet.

https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html#troubleshoot_saml_invalid-metadata

Answer: C
upvoted 17 times
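The comment above describes the fix in words: IAM validates the SAML response against the certificate embedded in the metadata document stored on the IAM SAML provider, so when the IdP rotates its signing certificate the stored document must be replaced. The script below is an added example, not code from the page or from AWS. It extracts the signing certificates from two metadata documents (the one IAM currently holds and a fresh download from the IdP), compares them by SHA-256 fingerprint, refuses to proceed if the two documents describe different entityIDs, and only then issues the same update that `aws iam update-saml-provider` performs. The provider ARN, the hostnames and the two sample metadata documents are constructed for illustration; the "certificates" in them are arbitrary bytes rather than real X.509 DER, which is enough to exercise the comparison offline. The AWS SDK is imported lazily, so everything except the final sync step runs without boto3 or credentials.

```python
"""Check whether an IAM SAML provider still carries the IdP's old signing
certificate, and apply the update that option C describes.

Added example, not code from the original page or from AWS. Only the
standard library is needed for the comparison; boto3 is imported lazily in
sync_iam_saml_provider(), the one function that talks to AWS.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def entity_id(metadata_xml):
    """entityID of the IdP described by a SAML metadata document."""
    return ET.fromstring(metadata_xml).get("entityID")


def signing_cert_fingerprints(metadata_xml):
    """SHA-256 fingerprints (hex) of every certificate the IdP may sign with.

    A KeyDescriptor with no `use` attribute may be used for signing or
    encryption, so it counts; `use="encryption"` descriptors do not.
    """
    root = ET.fromstring(metadata_xml)
    fingerprints = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") == "encryption":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def compare_metadata(stored_xml, fresh_xml):
    """Compare the document IAM holds with a freshly downloaded IdP document.

    Refuses to compare documents for different entityIDs: update-saml-provider
    replaces the whole document, so feeding it the wrong IdP's metadata would
    silently re-home the provider to another IdP.
    """
    if entity_id(stored_xml) != entity_id(fresh_xml):
        raise ValueError("entityID mismatch: %r vs %r"
                         % (entity_id(stored_xml), entity_id(fresh_xml)))
    stored = signing_cert_fingerprints(stored_xml)
    fresh = signing_cert_fingerprints(fresh_xml)
    return {
        "update_needed": stored != fresh,
        "added": fresh - stored,    # certificates IAM does not know yet
        "removed": stored - fresh,  # certificates the IdP dropped (the expired one)
    }


def sync_iam_saml_provider(provider_arn, fresh_xml, apply=False):
    """Fetch the stored document from IAM, compare, and optionally replace it.

    CLI equivalent (the command named in the AWS troubleshooting page):
      aws iam update-saml-provider --saml-provider-arn <arn>
          --saml-metadata-document file://idp-metadata.xml
    """
    import boto3  # lazy import so the offline checks above need no AWS SDK
    iam = boto3.client("iam")
    stored_xml = iam.get_saml_provider(SAMLProviderArn=provider_arn)["SAMLMetadataDocument"]
    diff = compare_metadata(stored_xml, fresh_xml)
    if diff["update_needed"] and apply:
        iam.update_saml_provider(SAMLProviderArn=provider_arn,
                                 SAMLMetadataDocument=fresh_xml)
    return diff


def sample_metadata(entity, der_blobs):
    """Constructed IdP metadata for demonstration. The 'certificates' are
    arbitrary bytes, not real X.509 DER; fingerprinting does not care."""
    keys = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(blob).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        for blob in der_blobs
    )
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
        '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '%s<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        'Location="https://idp.example.com/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>'
        % (NS["md"], NS["ds"], entity, keys)
    )


# Constructed samples: what IAM still holds vs. what the IdP serves after renewal.
STORED_METADATA = sample_metadata("https://idp.example.com/saml", [b"expired-cert-der"])
FRESH_METADATA = sample_metadata("https://idp.example.com/saml", [b"renewed-cert-der"])

if __name__ == "__main__":
    # Offline dry run on the constructed samples; no AWS call is made here.
    print(compare_metadata(STORED_METADATA, FRESH_METADATA))
```

Run it with `apply=False` first and review the `added`/`removed` fingerprints against the IdP console before re-running with `apply=True`; the entityID guard is what keeps a copy-paste of the wrong IdP's metadata from turning a certificate rotation into a trust change. Note that the IAM operations (`get-saml-provider`, `update-saml-provider`) act on a global IAM resource, so no region needs to be chosen.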
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
Download the updated SAML metadata file from your identity service provider, then update it in AWS.
upvoted 1 times
D2
2 years, 7 months ago
Selected Answer: C
Answer C https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html#troubleshoot_saml_invalid-metadata
upvoted 2 times
ShortRound
3 years, 1 month ago
Selected Answer: C
most def C
upvoted 1 times
Radhaghosh
3 years, 5 months ago
This error can occur when federation metadata of the identity provider does not match the metadata of the IAM identity provider. Option C is correct
upvoted 1 times
babaseun
3 years, 6 months ago
C ..... https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml.html#:~:text=browser%20for%20troubleshooting.-,Error%3A%20Response%20signature%20invalid%20(service%3A%20AWSSecurityTokenService%3B%20status%20code%3A%20400%3B%20error%20code%3A%20InvalidIdentityToken),-This%20error%20can
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other