ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 253 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 253
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.





A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

  • A. Deleting IAM users
  • B. Deleting directories
  • C. Deleting Amazon EC2 instances
  • D. Deleting logs from Amazon CloudWatch Logs
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Community vote distribution
C (90%)
10%
by Morinator at Jan. 13, 2023, 11:33 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Submit Cancel
JayBee65
Highly Voted 2 years, 2 months ago
ec2:* Allows full control of EC2 instances, so C is correct The policy only grants get and list permission on IAM users, so not A ds:Delete deny denies delete-directory, so not B, see https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/index.html The policy only grants get and describe permission on logs, so not D
upvoted 22 times
vincent2023
2 months, 1 week ago
ds is related to directory service, don't understand how is it related to deleting ec2 instances ??
upvoted 1 times
...
mwwt2022
1 year, 3 months ago
great explanation
upvoted 2 times
...
...
Morinator
Highly Voted 2 years, 2 months ago
Selected Answer: C
Explicite deny on directories, only available action for deleting is EC2
upvoted 7 times
...
surajkrishnamurthy
Most Recent 2 months ago
Selected Answer: C
In Policy number 2 its explicit deny to deleting directories so the IAM user wont be able to delete any directories However in policy number 1 the statement "ec2:*", means the IAM user can perform all activities under the ec2 Therefore as per the given answer choice IAM user can delete an ec2 instance so the choice is C: Deleting Amazon EC2 instances
upvoted 1 times
...
1e22522
7 months, 4 weeks ago
Selected Answer: B
This question and answers feel like a fever dream. what the hell is happening.
upvoted 2 times
...
TariqKipkemei
1 year, 6 months ago
Selected Answer: C
Deleting Amazon EC2 instances
upvoted 2 times
...
Aninina
2 years, 2 months ago
Selected Answer: C
C : Deleting Amazon EC2 instances
upvoted 2 times
...
mhmt4438
2 years, 2 months ago
Selected Answer: C
Answer is C
upvoted 3 times
...
Aninina
2 years, 2 months ago
C : Deleting Amazon EC2 instances
upvoted 2 times
...
bamishr
2 years, 2 months ago
Selected Answer: C
https://www.examtopics.com/discussions/amazon/view/27873-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
PCNSA
Paris, 1 minute ago