AWS Certified Security – Specialty — Question 115

A Security Engineer signed in to the AWS Management Console as an IAM user and switched to the security role IAM role. To perform a maintenance operation, the Security Engineer needs to switch to the maintainer role IAM role, which lists the security role as a trusted entity. The Security Engineer attempts to switch to the maintainer role, but it fails.
What is the likely cause of the failure?

Answer options

• A. The security role and the maintainer role are not assigned to the IAM user that the Security Engineer used to sign in to the account.
• B. The Security Engineer should have logged in as the AWS account root user, which is allowed to assume any role directly.
• C. The maintainer role does not include the IAM user as a trusted entity.
• D. The security role does not include a statement in its policy to allow an sts:AssumeRole action.

Correct answer: C

Explanation

The correct answer is C because the maintainer role must have the IAM user as a trusted entity to allow switching roles. The other options are incorrect as they either misrepresent the role assignment, suggest improper login methods, or inaccurately describe the permissions of the security role's policy.