ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 129 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 129
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company has implemented one of its microservices on AWS Lambda that accesses an Amazon DynamoDB table named Books. A solutions architect is designing an IAM policy to be attached to the Lambda function's IAM role, giving it access to put, update, and delete items in the Books table. The IAM policy must prevent function from performing any other actions on the Books table or any other.
Which IAM policy would fulfill these needs and provide the LEAST privileged access?
A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: A
by AbhiTyagi at Aug. 10, 2020, 12:15 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AbhiTyagi
Highly Voted 3 years, 8 months ago
A is fine
upvoted 41 times
sndychvn
3 years, 7 months ago
A - only for table Books B - for table Books and any others. So, B must be correct
upvoted 8 times
bill_smoke
3 years, 5 months ago
"The IAM policy must prohibit the function from doing any more activities on the Books or any other table." - A is solely for the books table so it fits the bill. B as an * at the end of the resource section which allows the engineer to edit every table. AAA is correct.
upvoted 3 times
...
Kirik
3 years, 7 months ago
Read properly "The IAM policy must prevent function from performing any other actions on the Books table or any other." they are telling must prevent action on other table
upvoted 3 times
...
...
...
Paitan
Highly Voted 3 years, 8 months ago
A is the right answer.
upvoted 9 times
...
examJack
Most Recent 3 years, 2 months ago
A. granting : Insert(PUT), Edit(Update), Remove(Delete) on the Books table prohibit : any other acts on the Books table and any other tables
upvoted 1 times
...
examJack
3 years, 2 months ago
A. granting : Insert(PUT), Edit(Update), Remove(Delete) on the Books table prohibit : any other acts on the Books table and any other tables
upvoted 1 times
...
Gaurav_Aws
3 years, 7 months ago
The IAM policy must prevent function from performing any other actions on the Books table or any other. Option A is only for Books table while B is * means Books table and any other table too. SO A is wrong and B is the right answer. If you choose A then how you fulfil "any other table" requirement?
upvoted 1 times
Jack1313
3 years, 7 months ago
Answer is "A", it is talking about preventing a function or action on any other table, which by only having table key pointed to "books" fulfils the requirement.
upvoted 5 times
...
...
syu31svc
3 years, 7 months ago
Answer is A B is wrong as the arn ends with * C is wrong as it allows all actions which is not what the qn is asking for D is wrong as it just denies everything
upvoted 6 times
...
KK_uniq
3 years, 7 months ago
A for sure. Another easy one
upvoted 3 times
...
mryala
3 years, 7 months ago
it's A
upvoted 2 times
...
Ankitrathi85
3 years, 7 months ago
A right
upvoted 1 times
...
AEN
3 years, 7 months ago
Ans is A
upvoted 1 times
...
myutran
3 years, 7 months ago
Answer: A
upvoted 1 times
...
anikolov
3 years, 7 months ago
A looks right for Books table only , but B cover "or ANY Other" requirement. "must prevent function from performing any other actions on the Books table or ANY OTHER"
upvoted 3 times
...
arunchu
3 years, 7 months ago
A is OK
upvoted 1 times
...
anpt
3 years, 7 months ago
AAAAAAAAAAAAA
upvoted 3 times
...
din_10009
3 years, 7 months ago
A for sure
upvoted 1 times
...
gsw
3 years, 8 months ago
can someone honestly tell me how some of these are in fact different? looks like a copy and paste job on the answers to me...
upvoted 2 times
wizrd049
3 years, 8 months ago
sounds like you need to study more, the syntax on these is very precise. IAM permissions are explicit deny, so you must allow access to the resources you want and then the rest will be blocked.
upvoted 7 times
hanni123
3 years, 7 months ago
that's harsh. But good explanation
upvoted 4 times
...
...
...
ppptttio89
3 years, 8 months ago
It's in my exam today. I chose A, easy question.
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel