Bird
0
0

Why does AWS IAM policy evaluation always result in an implicit deny if no explicit allow is found?

hard📝 Conceptual Q10 of 15
AWS - Identity and Access Management
Why does AWS IAM policy evaluation always result in an implicit deny if no explicit allow is found?
ATo allow all actions unless denied
BBecause AWS trusts all users by default
CTo enforce least privilege by default
DBecause explicit deny is optional
Step-by-Step Solution
Solution:

  1. Step 1: Understand IAM security principle

    IAM uses least privilege, denying all actions unless explicitly allowed.

  2. Step 2: Explain implicit deny purpose

    This ensures users have only permissions they need, improving security.

  3. Final Answer:

    Implicit deny enforces least privilege -> Option C

  4. Quick Check:

    Implicit Deny = Least Privilege [OK]
Quick Trick: Implicit deny protects by default, allowing only explicit permissions [OK]
Common Mistakes:
  • Thinking AWS trusts users by default
  • Believing allow is default
  • Confusing deny and allow roles

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - AWS Cost Explorer basics - Quiz 8hard AWS CLI - CLI output formats (json, table, text) - Quiz 6medium AWS CLI - Installing AWS CLI - Quiz 2easy Cloud Computing Fundamentals - What is cloud computing - Quiz 6medium EC2 Fundamentals - Instance states (running, stopped, terminated) - Quiz 3easy Identity and Access Management - IAM roles concept - Quiz 14medium Identity and Access Management - Multi-factor authentication setup - Quiz 11easy Identity and Access Management - IAM users and groups - Quiz 9hard S3 Fundamentals - S3 versioning - Quiz 11easy Security Groups and Network ACLs - Stateless behavior of NACLs - Quiz 1easy