AWS Certified Security – Specialty (SCS-C03) — Question 43

A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)

Answer options

• A. The external ID used by the auditor is missing or incorrect.
• B. The auditor is using the incorrect password.
• C. The auditor has not been granted sts:AssumeRole for the role in the destination account.
• D. The Amazon EC2 role used by the auditor must be set to the destination account role.
• E. The secret key used by the auditor is missing or incorrect.
• F. The role ARN used by the auditor is missing or incorrect.

Correct answer: A, C, F

Explanation

The correct answers, A, C, and F, highlight potential issues with the auditor's access permissions and identifiers. If the external ID is incorrect or missing, it prevents proper role assumption. Additionally, lacking the necessary sts:AssumeRole permission and having an incorrect role ARN would also block access. Options B, D, and E involve user credentials or configurations that do not directly relate to cross-account IAM role access issues.