Q26 — AWS SOA-C02 Ch.1

Question 26 of 100 | ← Chapter 1

A company has attached the following policy to an IAM user:  Which of the following actions are allowed for the IAM user?

Correct Answer: C. Amazon EC2 DescribeInstances action in the us-east-1 Region

Explanation

根据政策文档,IAM用户被允许执行以下操作:1. 允许描述RDS实例( RDS:DescribeDBInstances),但没有指定区域,因此不适用于特定区域的操作。2. 允许在us-east-1区域内的EC2实例描述操作(EC2:DescribeInstance)。3. 拒绝除EC2相关操作以外的任何操作,包括S3的PutObject操作。4. 拒绝在eu-west-1区域内的任何EC2操作(因为没有任何允许或拒绝针对该区域的规则)。因此,唯一明确允许的操作是在us-east-1区域内的EC2实例描述操作。