Medium 📝 Predict Output · Q5 of 15
AWS - Identity and Access Management
If an IAM user has the following policy:
{"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}

What happens when the user tries to terminate an EC2 instance?
A. The user receives an error due to syntax
B. The termination request is allowed
C. The user can terminate only instances they own
D. The termination request is denied
Step-by-Step Solution
Solution:
  1. Step 1: Understand Deny effect in IAM policies

    A Deny effect explicitly blocks the specified action regardless of other permissions.
  2. Step 2: Check action and resource

    The action 'ec2:TerminateInstances' is denied on all resources (*) for this user.
  3. Final Answer:

    The termination request is denied -> Option D
  4. Quick Check:

    Deny overrides allow = C [OK]
Quick Trick: Explicit Deny always blocks the action [OK]
Common Mistakes:
  • Thinking Deny can be overridden by Allow
  • Assuming syntax error in policy
  • Believing user can terminate owned instances
