ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 445 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 445
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

  • A. Group members are permitted any Amazon EC2 action within the us-east-1 Region. Statements after the Allow permission are not applied.
  • B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA).
  • C. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action.
  • D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Group members are permitted any other Amazon EC2 action within the us-east-1 Region.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by AnuhyaTech at May 31, 2021, 1:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AnuhyaTech
Highly Voted 3 years, 3 months ago
ANS: D Other option not giving info on first policy condition.. only D is saying ..Group members are permitted any other Amazon EC2 action (except ec2:StopInstances and ec2:TerminateInstances) within the us-east-1 Region.
upvoted 32 times
...
sic6sic
Highly Voted 3 years, 2 months ago
Yep, letter D is the way I read this policy.
upvoted 8 times
...
Carlos_O
Most Recent 1 year, 3 months ago
Selected Answer: D
1 - Allow all ec2 in us-east-1 2 - deny stop and terminate if not have MFA
upvoted 1 times
...
jj22222
3 years ago
Selected Answer: D
D looks right
upvoted 1 times
...
Ultron00
3 years, 1 month ago
D for sure!
upvoted 1 times
...
ImtiazCloudInfra
3 years, 1 month ago
Passed exam today 1st DEC 2021, this question was appear in my exam and selected D. I learned lots of things from here and I Thankfull to those people who providing the right answers with explanation,
upvoted 5 times
ImtiazCloudInfra
3 years, 1 month ago
90% question came in the exam from this examtopics site. Good content for beginners
upvoted 3 times
...
...
Gats
3 years, 2 months ago
D is correct
upvoted 6 times
...
patriktre
3 years, 2 months ago
D is correct. you can do only what is allowed via policy: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html By default, AWS Identity and Access Management (IAM) users don't have permission to create or modify Amazon EC2 resources, or perform tasks using the Amazon EC2 API. To allow IAM users to create or modify resources and perform tasks, you must create IAM policies that grant IAM users permissions for the specific resources and API actions they'll need to use, and then attach those policies to the IAM users or groups that require those permissions.
upvoted 7 times
patriktre
3 years, 2 months ago
1st part of policy allows all actions in us-east-1 Region 2nd part deny stop and terminate in all regions for users without MFA
upvoted 11 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago