Dave is the main administrator in Example Corp., and he decides to use paths to help delineate the users in the company and set up a separate administrator group for each path-based division.

Posted by: Pdfprep Category: SAP-C01 Tags: , ,

Dave is the main administrator in Example Corp., and he decides to use paths to help delineate the users in the company and set up a separate administrator group for each path-based division.

Following is a subset of the full list of paths he plans to use:

• /marketing

• /sales

• /legal

Dave creates an administrator group for the marketing part of the company and calls it Marketing_Admin.

He assigns it the /marketing path. The group’s ARN is arn:aws:iam::123456789012:group/marketing/Marketing_Admin.

Dave assigns the following policy to the Marketing_Admin group that gives the group permission to use all IAM actions with all groups and users in the /marketing path. The policy also gives the Marketing_Admin group permission to perform any AWS S3 actions on the objects in the portion of the corporate bucket.

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Deny",

"Action": "iam:*",

"Resource": [

"arn:aws:iam::123456789012:group/marketing/*",

"arn:aws:iam::123456789012:user/marketing/*"

]

},

{

"Effect": "Allow",

"Action": "s3:*",

"Resource": "arn:aws:s3:::example_bucket/marketing/*"

},

{

"Effect": "Allow",

"Action": "s3:ListBucket*",

"Resource": "arn:aws:s3:::example_bucket",

"Condition":{"StringLike":{"s3:prefix": "marketing/*"}}

}

]

}
A . True
B . False

Answer: B

Explanation:

Effect Deny

Leave a Reply

Your email address will not be published.