🔥 3-day streak
AWS Certified Security - Specialty62 / 157
Question 62 of 157
A security engineer is designing guardrails for a development team. Developers assume an IAM role that has an identity-based policy granting full access to Amazon S3 and Amazon DynamoDB. The role also has a permissions boundary attached that allows only S3 actions. The account is in an OU whose Service Control Policy (SCP) allows only DynamoDB actions (and denies nothing explicitly). A developer using this role attempts an s3:PutObject call and a dynamodb:PutItem call. What is the result?
Reviewed for accuracy · Report an issueNext question