AWS Certified Security – Specialty — Question 26

A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)

Answer options

• A. The external ID used by the Auditor is missing or incorrect.
• B. The Auditor is using the incorrect password.
• C. The Auditor has not been granted sts:AssumeRole for the role in the destination account.
• D. The Amazon EC2 role used by the Auditor must be set to the destination account role.
• E. The secret key used by the Auditor is missing or incorrect.
• F. The role ARN used by the Auditor is missing or incorrect.

Correct answer: A, C, F

Explanation

The correct answers are A, C, and F because an incorrect or missing external ID (A) can prevent access, the Auditor must have the sts:AssumeRole permission (C) to assume the role, and an incorrect role ARN (F) will lead to access issues. Options B, D, and E are not relevant to the cross-account access issue since they pertain to authentication or configuration that does not affect role assumption.