Free AWS SOA-C03 Actual Exam Questions - Question 12 Discussion
now needs to centralize identity management. A CloudOps engineer must federate AWS IAM
Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all
AWS accounts and cloud applications.
Which prerequisites must the CloudOps engineer have so that the CloudOps engineer can connect to
the external IdP? (Select TWO.)
B/A? Need the IdP metadata to set up the trust, and you also have to provide IAM Identity Center’s SAML metadata to the IdP so they can talk. Permissions might matter, but those two are basic prerequisites.
Option B and A make sense since metadata exchanges establish the trust relationship needed.
B/A? You need the IdP metadata with the certificate to set up the trust from AWS side, and then the IAM Identity Center’s SAML metadata to configure the IdP. The IP or root access don’t really matter for federation setup. Also, admin permissions on member accounts aren’t needed just for connecting the IdP.
It’s B and A. You definitely need the IdP metadata to set up trust, and the IAM Identity Center’s SAML metadata to configure the IdP side. Permissions or IP details aren’t relevant for just connecting the IdP.
B imo, you definitely need the IdP metadata and cert to establish trust. Also, A makes sense since you have to share your IAM Identity Center metadata with the IdP. Permissions on member accounts aren’t needed just for the federation itself.
B imo, need IdP metadata for trust, and A for configuring IdP side.
B and A, you need both sides’ metadata to set up trust correctly.
B/A? You need the IdP’s metadata so AWS knows how to trust it, and you also need the IAM Identity Center’s metadata to configure the IdP side properly. The IP address (C) isn’t relevant since it’s all about trust and tokens, not direct network connections. Root access or admin permissions on member accounts (D/E) aren’t required just to set up federation at the management account level. So the metadata files are the must-haves here.
B, A – metadata exchange is essential; access to member accounts (E) isn’t required here.
Yeah, the IP address (C) seems irrelevant since federation depends on metadata exchange, not network details. So B (IdP metadata) and A (AWS metadata) make the most sense here.
B and A, without those metadata files federation just won’t work.
This one feels like B and A to me too. You need the IdP’s metadata and cert (B) so AWS can trust the IdP, and the IAM Identity Center SAML metadata (A) so the IdP knows how to communicate with AWS. The IP address (C) is irrelevant here, and root access (D) isn’t strictly necessary if you have delegated permissions. Administrative rights on member accounts (E) aren’t needed just to set up the federation in Control Tower.
It’s B and A, both metadata files are critical for SAML federation setup.
A/B? The IdP metadata with the certificate is a must for trust, and the IAM Identity Center metadata is needed so the IdP knows where to send SAML responses. Permissions or IP addresses aren’t relevant here.
Without admin permissions, how would they configure the SAML trust for IAM Identity Center?
B/A? The IdP metadata with the public cert is definitely needed so AWS can trust the external IdP. The IAM Identity Center SAML metadata is also necessary so the IdP knows how to communicate back. Permissions like root or admin for member accounts (D/E) aren’t really about the connection setup itself. IP address (C) seems irrelevant since SAML uses metadata, not IPs. So it boils down to exchanging metadata files between AWS and the IdP.
B/A? You definitely need the IdP metadata with the cert (B) to trust it, and the IAM Identity Center metadata (A) to configure the SAML connection properly. The other options don’t seem relevant here.
It’s B and A because you need both sides’ metadata to set up the trust.
I’m with B and A too. You definitely need the IdP metadata with the public cert (B) so AWS can verify the IdP’s signature. Plus, the IAM Identity Center SAML metadata (A) is necessary so the IdP knows where to send the authentication responses. The other options don’t seem relevant because IP addresses (C) or root access (D) aren’t required just to configure federation, and admin permissions on member accounts (E) aren’t needed either since this is managed centrally.
It’s B and A for sure. You need the IdP metadata with the public cert (B) so AWS can trust the external IdP. And the IAM Identity Center SAML metadata (A) is required so the IdP knows how to talk back to AWS during the federation. The other options don’t really fit—root access isn’t strictly required, and IP address or member account admin rights aren’t part of setting up SAML federation itself. This is all about exchanging metadata and certificates to establish trust between IAM Identity Center and the external IdP.
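The two metadata documents the comments above keep returning to, as an added example that is not part of the original thread: a pre-flight check that pulls out of each file the fields the other side needs. The hosts, certificate bytes and function names are constructed placeholders; `IDP_METADATA` stands in for the external IdP's file (option B) and `SP_METADATA` for the service provider file that IAM Identity Center supplies (option A).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata: placeholder hosts and certificate bytes, not real values.
FAKE_CERT_B64 = base64.b64encode(b"constructed-der-bytes").decode()
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://sp.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <md:AssertionConsumerService index="0" Binding="{POST}" Location="https://sp.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def idp_trust_inputs(xml_text):
    """From IdP metadata: what the service provider needs to trust signed responses."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # A KeyDescriptor with no 'use' attribute may also carry the signing key.
    certs = ["".join((c.text or "").split())
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") != "encryption"
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
    if not certs or not sso:
        raise ValueError("IdP metadata lacks a signing certificate or SSO endpoint")
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "cert_sha256": [hashlib.sha256(base64.b64decode(c)).hexdigest() for c in certs]}

def sp_inputs_for_idp(xml_text):
    """From service provider metadata: where the IdP must send SAML responses."""
    root = ET.fromstring(xml_text)
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if not acs:
        raise ValueError("no AssertionConsumerService: this is not SP metadata")
    return {"entity_id": root.get("entityID"), "acs_urls": acs}
```

The SHA-256 value is computed over the decoded certificate bytes, so it can be compared out of band with the fingerprint the IdP administrator reports. Metadata received from a third party should be parsed with a hardened XML parser such as defusedxml rather than plain ElementTree.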