Bird
0
0

What happens if an AWS IAM policy has both an explicit Allow and an explicit Deny for the same action?

easy📝 Conceptual Q11 of 15
AWS - Identity and Access Management
What happens if an AWS IAM policy has both an explicit Allow and an explicit Deny for the same action?
AThe explicit Deny always overrides the Allow.
BThe Allow always overrides the Deny.
CThe action is allowed only if the user is an administrator.
DThe action is denied only if there is a condition attached.
Step-by-Step Solution
Solution:

  1. Step 1: Understand explicit Deny effect

    In AWS IAM, an explicit Deny always takes priority over any Allow for the same action.

  2. Step 2: Apply policy evaluation logic

    Even if a policy allows an action, if another policy explicitly denies it, the Deny wins and the action is blocked.

  3. Final Answer:

    The explicit Deny always overrides the Allow. -> Option A

  4. Quick Check:

    Explicit Deny > Allow [OK]
Quick Trick: Remember: Deny always beats Allow in AWS policies [OK]
Common Mistakes:
MISTAKES
  • Thinking Allow can override Deny
  • Ignoring explicit Deny effect
  • Assuming conditions affect Deny priority

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS CLI - Installing AWS CLI - Quiz 14medium AWS CLI - CLI scripting basics - Quiz 5medium Cloud Computing Fundamentals - AWS global infrastructure (regions, AZs) - Quiz 8hard Cloud Computing Fundamentals - AWS global infrastructure (regions, AZs) - Quiz 13medium Identity and Access Management - Managed vs inline policies - Quiz 9hard Identity and Access Management - IAM users and groups - Quiz 2easy Security Groups and Network ACLs - Default security group behavior - Quiz 9hard Security Groups and Network ACLs - Security group as virtual firewall - Quiz 11easy VPC Fundamentals - Creating a custom VPC - Quiz 6medium VPC Fundamentals - Route tables configuration - Quiz 15hard