SAA-C03 • Practice Test 41
Free SAA-C03 practice test — 15 questions with explanations. Set 41. No signup required.
Based on the exhibit, a batch platform in Account B must assume a role in Account A. Only the specific role arn:aws:iam::222233334444:role/BatchRunner should be allowed to assume it, and the design must prevent any other role in Account B from reusing the same external ID. Which change best meets the requirement?
{
"role_arn": "arn:aws:iam::111122223333:role/InboundExportRole",
"trust_policy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {"AWS": "arn:aws:iam::222233334444:root"},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {"sts:ExternalId": "acctB-export-91"}
}
}
]
},
"cloudtrail_event": {
"eventName": "AssumeRole",
"userIdentity": "arn:aws:iam::222233334444:role/BatchRunner",
"errorCode": "AccessDenied",
"errorMessage": "Not authorized to perform sts:AssumeRole on resource arn:aws:iam::111122223333:role/InboundExportRole"
}
}