pwarui
Below question is in relation to step 4 of the scenario
When using federated AD where does the AIM policy reside/managed in the LDAP, AWS STS or AWS IAM? i think the user policy is managed in the IAM and thats where S3 query for grant/deny user permission.
The EXAM TIPS step though which is different from your written scenario steps, is the correct one.