Topic 1 Question 264
A security engineer is implementing authentication for a multi-account environment by using federated access with SAML 2.0. The security engineer has configured AWS IAM Identity Center as an identity provider (IdP). The security engineer also has created IAM roles to grant access to the AWS accounts.
A federated user reports an authentication failure when the user attempts to authenticate with the new system.
What should the security engineer do to troubleshoot this issue in the MOST operationally efficient way?
Review the SAML IdP logs to identify errors. Check AWS CloudTrail to verify the API calls that the user made.
Review the SAML IdP logs to identify errors. Use the IAM policy simulator to validate access to the IAM roles.
Use IAM access advisor to review recent service access. Use the IAM policy simulator to validate access to the IAM roles.
Recreate the SAML IdP in a separate account to confirm the behavior that the user is experiencing.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
When troubleshooting authentication failures in a federated SAML 2.0 authentication setup with AWS IAM Identity Center, you need to check two key areas:
SAML IdP logs (Identity Provider logs) – This helps identify issues related to SAML assertions, incorrect attributes, or user authentication failures before reaching AWS. AWS CloudTrail logs – This helps verify whether the authentication request reached AWS, if it was processed correctly, and if any errors occurred at the IAM role level.
👍 1AWSLoverLoverLoverLoverLover2025/02/20 - 正解だと思う選択肢: A
A. For this scenario, reviewing through is the most Cloudtrail is the most efficient approach as you verify whether the SAML assertion was successfully processed.
👍 1layrnyh2025/02/22
シャッフルモード