ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 433 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 433
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company needs to restrict access to Amazon DynamoDB tables in the us-east1 Region for account 0123456789. All users must be denied permission to work with DynamoDB tables in us-east-1 unless the users access the tables through the following endpoint: vpce-11aa22bb.

Which IAM statement will enforce this requirement?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by AdamWest at Nov. 23, 2022, 2:09 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kerar
Highly Voted 2 years ago
Selected Answer: D
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html
upvoted 15 times
...
daylay
Most Recent 1 day, 23 hours ago
Selected Answer: D
D- This will enforce the deny rule as requested by the question. Reference- https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Selected Answer: C
C. The question doesn't state there is a resource policy allowing the action. If D, all users are denied if not resource policy is defined that allows the behavior.
upvoted 1 times
...
6_8ftwin
1 year, 6 months ago
C IAM policies have an implicit deny. The implicit deny still holds true for 'D', meaning no one has access.
upvoted 1 times
6_8ftwin
1 year, 6 months ago
D Since the question asks Which IAM STATEMENT will enforce this requirement, D is the better option.
upvoted 1 times
...
...
HIEP_DC
1 year, 6 months ago
C for case assumes that there is also a policy statement that allows the access required -> D
upvoted 1 times
...
igloooooo
1 year, 8 months ago
this should be C. By default, it is deny.
upvoted 1 times
...
AzureDP900
1 year, 9 months ago
D is right
upvoted 1 times
...
AdamWest
2 years ago
Selected Answer: D
D - Looks correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago