AWS Certified Security – Specialty SCS-C01 – Question123

A company uses identity federation to authenticate users into an identity account (987654321987) where the users assume an IAM role named IdentityRole. The users then assume an IAM role named JobFunctionRole in the target AWS account (123456789123) to perform their job functions. A user is unable to assume the IAM role in the target account. The policy attached to the role in the identity account is:

What should be done to enable the user to assume the appropriate role in the target account?

A.
Update the IAM policy attached to the role in the identity account to be:

B. Update the trust policy on the role in the target account to be:

C. Update the trust policy on the role in the identity account to be:

D. Update the IAM policy attached to the role in the target account to be:

Correct Answer: A