Bird
0
0

Given this IAM policy snippet:

medium📝 service behavior Q4 of 15
AWS - Identity and Access Management
Given this IAM policy snippet:
{"Effect": "Deny", "Action": "ec2:StartInstances", "Resource": "*"}
What will happen if a user tries to start any EC2 instance?
AThe user will be denied permission to start any EC2 instance
BThe user will be allowed to start EC2 instances
CThe policy will cause a syntax error and not apply
DThe user can start instances only in specific regions
Step-by-Step Solution
Solution:

  1. Step 1: Understand the "Effect" and "Action" in the policy

    The "Effect" is "Deny" for the action "ec2:StartInstances" on all resources ("*").

  2. Step 2: Interpret the policy effect on user actions

    This means the user is explicitly denied permission to start any EC2 instance regardless of other policies.

  3. Final Answer:

    User is denied permission to start EC2 instances -> Option A

  4. Quick Check:

    Effect Deny + Action = Deny action [OK]
Quick Trick: "Deny" always blocks the specified action regardless of other policies [OK]
Common Mistakes:
  • Assuming Deny means allow
  • Ignoring the wildcard resource
  • Thinking region limits apply here

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Setting up billing alerts - Quiz 1easy AWS Account and Billing - Free tier usage monitoring - Quiz 4medium AWS CLI - Installing AWS CLI - Quiz 12easy Cloud Computing Fundamentals - AWS Management Console walkthrough - Quiz 8hard EC2 Fundamentals - Why EC2 matters for compute - Quiz 6medium Identity and Access Management - Assuming roles for temporary access - Quiz 14medium S3 Fundamentals - S3 versioning - Quiz 10hard Security Groups and Network ACLs - Security groups vs NACLs decision - Quiz 12easy Security Groups and Network ACLs - Stateless behavior of NACLs - Quiz 1easy VPC Fundamentals - Internet Gateway for public access - Quiz 4medium