Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 385 discussion

An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.

Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

  • A. The EC2 instance will only be able to list the S3 buckets.
  • B. The EC2 instance will only be able to list the contents of one S3 bucket at a time.
  • C. The EC2 instance will be able to perform all actions on any S3 bucket.
  • D. The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Suggested Answer: D

Comments

tomchandler077
Highly Voted 10 months ago
D Explicit deny policies in IAM take precedence over any allow policies. If the IAM role attached to the EC2 instance explicitly denies access to S3, this deny will apply regardless of any other credentials or policies that might grant access. Even though the EC2 instance's credentials file specifies keys with full administrative access, the explicit deny in the IAM role will override these permissions for S3 actions.
upvoted 10 times
...
ShakthiGCP
Most Recent 5 months ago
Selected Answer: D
Explicit deny policies in IAM take precedence over any allow policies
upvoted 2 times
...
Kb80
5 months ago
Selected Answer: C
By default the AWS CLI uses environment variables then credentials file. Then if neither are present and an EC2 instance profile is attached, then this would be used. So with full access allowed by the key and secret in the local credentials file, full access to S3 would be allowed. Give it a try if you don't believe.
upvoted 2 times
...
CloudChingon
5 months, 2 weeks ago
Selected Answer: C
The credentials file containing IAM user credentials with full administrative permissions overrides the IAM role's permissions for S3 actions, allowing full access to S3.
upvoted 2 times
...
Anandesh
10 months ago
Selected Answer: D
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
upvoted 4 times
...