Q26 — AWS SOA-C02 Ch.1
Question 26 of 100 | ← Chapter 1
A company has attached the following policy to an IAM user: Which of the following actions are allowed for the IAM user?
- A. Amazon RDS DescribeDBInstances action in the us-east-1 Region
- B. Amazon S3 PutObject operation in a bucket named testbucket
- C. Amazon EC2 DescribeInstances action in the us-east-1 Region ✓
- D. Amazon EC2 AttachNetworkInterface action in the eu-west-1 Region
Correct Answer: C. Amazon EC2 DescribeInstances action in the us-east-1 Region
Explanation
根据政策文档,IAM用户被允许执行以下操作:1. 允许描述RDS实例( RDS:DescribeDBInstances),但没有指定区域,因此不适用于特定区域的操作。2. 允许在us-east-1区域内的EC2实例描述操作(EC2:DescribeInstance)。3. 拒绝除EC2相关操作以外的任何操作,包括S3的PutObject操作。4. 拒绝在eu-west-1区域内的任何EC2操作(因为没有任何允许或拒绝针对该区域的规则)。因此,唯一明确允许的操作是在us-east-1区域内的EC2实例描述操作。