🔥 3-day streak
AWS Certified Security - Specialty78 / 184
Question 78 of 184
A security engineer attaches a permission boundary to an IAM role that allows only Amazon S3 and Amazon DynamoDB actions. The role's identity-based policy grants full access to S3, DynamoDB, and Amazon SQS. The AWS account belongs to an organization whose SCP allows S3 and SQS actions but does not include DynamoDB. There is no explicit deny anywhere. When the role attempts each service, which actions are effectively allowed?
Reviewed for accuracy · Report an issueNext question