An IAM user has this policy:

Medium · Predict Output · Q5 of 15
AWS - Identity and Access Management
An IAM user has this policy:
{
  "Effect": "Allow",
  "Action": ["rds:DeleteDBInstance"],
  "Resource": ["*"]
}
What is the least privilege concern here?
A. The policy allows deleting any RDS instance without resource restriction
B. The policy denies deleting any RDS instance
C. The policy restricts deletion to a specific RDS instance only
D. The policy allows only read access to RDS instances
Step-by-Step Solution
Solution:
  1. Step 1: Review Action and Resource

    The Action is rds:DeleteDBInstance and the Resource is set to '*', meaning all instances.
  2. Step 2: Identify least privilege issue

    Allowing delete on all resources is excessive and risky.
  3. Final Answer:

    The policy allows deleting any RDS instance without resource restriction -> Option A
  4. Quick Check:

    Wildcard resource for destructive action violates least privilege [OK]
Quick Trick: Wildcard resource for destructive action violates least privilege [OK]
Common Mistakes:
  • Assuming the policy denies deletion
  • Thinking the policy limits deletion to specific resources
