Topic 1 Question 253
A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.
A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?
Deleting IAM users
Deleting directories
Deleting Amazon EC2 instances
Deleting logs from Amazon CloudWatch Logs
ユーザの投票
コメント(6)
ec2:* Allows full control of EC2 instances, so C is correct
The policy only grants get and list permission on IAM users, so not A ds:Delete deny denies delete-directory, so not B, see https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/index.html The policy only grants get and describe permission on logs, so not D
👍 7JayBee652023/01/24- 正解だと思う選択肢: C
Explicite deny on directories, only available action for deleting is EC2
👍 2Morinator2023/01/13 - 正解だと思う選択肢: C👍 2bamishr2023/01/13
シャッフルモード