Medium · Debug · Q7 of 15
AWS - Identity and Access Management
You find an IAM role with this policy:
{"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": ["*"]}
What is the best fix to follow least privilege?
A. Add more '*' resources
B. Remove the policy entirely
C. Change Effect to Deny
D. Limit actions to only required DynamoDB operations and specify resource ARNs
Step-by-Step Solution
Solution:
  1. Step 1: Identify problem

    The policy allows all DynamoDB actions on all resources, which is too broad.
  2. Step 2: Apply least privilege fix

    Restrict actions to needed ones and specify exact resource ARNs.
  3. Final Answer:

    Limit actions to only required DynamoDB operations and specify resource ARNs -> Option D
  4. Quick Check:

    Least privilege = restrict actions and resources [OK]
Quick Trick: Specify exact actions and resources, no wildcards [OK]
Common Mistakes:
  • Removing policy breaks functionality
  • Changing allow to deny blocks access
  • Adding more wildcards increases risk
