Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 57 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 57
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

To meet regulatory requirements, a security engineer needs to implement an IAM policy that restricts the use of AWS services to the us-east-1 Region.
What policy should the engineer implement?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kk2000 at Oct. 7, 2023, 6:27 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
100fold
Highly Voted 9 months ago
Selected Answer: C
Answer C https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-requested-region.html
upvoted 7 times
...
zzyy
Most Recent 2 months, 3 weeks ago
Not sure even if C is correct... On the condition it says StringNotEquals to us-east-1. which means the Deny all the aws resources expect us-east-1 which is not we want right..? I am confused..
upvoted 1 times
zzyy
2 months, 3 weeks ago
Nevermind.. I got he actual picture now.. ChatGPT helped. When you use "StringEquals": { "aws:RequestedRegion": "us-east-1" }, it means that the condition will only be satisfied if the requested region is exactly "us-east-1". So, with this condition in place, any AWS service request made from a region other than us-east-1 will be denied. It's a strict policy that allows access only if the requested region matches "us-east-1". If the request comes from any other region, it will be denied, ensuring that all operations occur exclusively within the specified region. This policy denies all actions ("Action": "*") on all resources ("Resource": "*"), but only if the requested region is not "us-east-1". This effectively restricts the use of AWS services to the us-east-1 Region.
upvoted 1 times
...
...
frankzeng
4 months ago
C is wrong. C is deny, no allow.
upvoted 1 times
...
Raphaello
4 months, 4 weeks ago
Selected Answer: C
The request is to restrict (deny) use of services outside a specific region, therefore an "allow" policy for that specific region is not enough. Option C does just that, it denies all services if the "requested region" is no the specific one.
upvoted 1 times
...
rahav
6 months, 4 weeks ago
Selected Answer: C
Answer is C
upvoted 1 times
...
lmimi
8 months, 1 week ago
Why not A? C is just not denied, but not explicit allow.
upvoted 1 times
Aamee
7 months, 4 weeks ago
A can't be correct since the 'Deny' always takes the precedence over 'Allow' if any similar SID policy statement is defined. The option C looks correct since it denies the access of the aws resources explicitly through the condition that 'IF' the region is not equal to 'us-east-1'. Since the question states that the access restriction should be limited to just us-east-1 region only.
upvoted 2 times
...
...
kk2000
9 months, 2 weeks ago
C is Correct
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours