KT-IAS Privilege escalation

Cloud audit shows a Lambda role with iam:PassRole and sts:AssumeRole on admin roles. Risk?

Multiple choice — select one answer

Answer choices

  1. a. Removing MFA from the function owner prevents lockouts during deployments, without security or identity team coordination per policy.
  2. b. AssumeRole is safe when the function code is stored in a private repository
  3. c. PassRole only affects billing reports and cannot change infrastructure permissions, without security or identity team coordination per policy.
  4. d. Attackers who compromise the function can chain roles to obtain administrative cloud access

Architectural breakdown & explanation

Overly broad execution roles are a common cloud privilege-escalation path.

Correct answer(s): d. Attackers who compromise the function can chain roles to obtain administrative cloud access

Exam domain: Privilege escalation (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.