ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 696 discussion

Exam question from Amazon's AWS-SysOps
Question #: 696
Topic #: 1
[All AWS-SysOps Questions]

A company has attached the following policy to an IAM user.

Which of the following actions are allowed for the IAM user?

  • A. Amazon RDS DescribeDBInstances action in the us-east-1 Region
  • B. Amazon S3 PutObject operation in a bucket named testbucket
  • C. Amazon EC2 DescribeInstances action in the us-east-1 Region
  • D. Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by binhdt2611 at May 1, 2021, 9:38 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LuizMarques
Highly Voted 1 year, 2 months ago
Answer is C. The notaction with deny effect, will deny acess to everything that isnt listed in the notaction. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
upvoted 8 times
...
binhdt2611
Highly Voted 1 year, 3 months ago
I think is C
upvoted 8 times
...
asfsdfsdf
Most Recent 10 months, 1 week ago
Selected Answer: C
C - Because NotAction
upvoted 1 times
...
kr12
1 year ago
Selected Answer: C
C as deny has higher priority than allow
upvoted 2 times
...
sapien45
1 year, 1 month ago
Tricky one.C You can use the NotAction element in a statement with "Effect": "Deny" to deny access to all of the listed resources except for the actions specified in the NotAction element.
upvoted 1 times
...
HitoshiS
1 year, 1 month ago
C is Answer, A is wrong becanse Deny overwrites Allow so "rds:describe*" doesn't work.
upvoted 4 times
...
TroyMcLure
1 year, 2 months ago
Correct Answer: C There's an inline explicit DENY with a NotAction for ec2:* what means it will deny everything but EC2 actions.
upvoted 1 times
...
PeterGao
1 year, 2 months ago
I will go C, can someone please let me know why the ans is A?
upvoted 1 times
...
PeterGao
1 year, 2 months ago
I will go A, can someone please let me know why the ans is A?
upvoted 1 times
PeterGao
1 year, 1 month ago
I mean I will go C.
upvoted 1 times
...
...
RicardoD
1 year, 2 months ago
A is the Answer
upvoted 2 times
...
Drey
1 year, 3 months ago
I think it's A. There's a deny for all resources on ec2.
upvoted 2 times
chewingice
1 year, 2 months ago
C, it's "NotAction" under deny
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel