Bird
0
0

What is the final effect when the user tries to invoke that function?

hard📝 Application Q9 of 15
AWS - Identity and Access Management
A user has a policy allowing lambda:InvokeFunction on all functions, but a resource-based policy on a specific Lambda function denies lambda:InvokeFunction for that user. What is the final effect when the user tries to invoke that function?
AThe invocation is denied due to resource-based policy deny
BThe invocation is allowed because user policy allows it
CThe invocation is allowed only if the user is in the same account
DThe invocation is denied unless the user has admin privileges
Step-by-Step Solution
Solution:

  1. Step 1: Understand policy types

    User policy allows, but resource-based policy explicitly denies.

  2. Step 2: Apply evaluation precedence

    Explicit Deny in resource-based policy overrides user Allow.

  3. Final Answer:

    Invocation is denied due to explicit deny -> Option A

  4. Quick Check:

    Resource Deny overrides user Allow [OK]
Quick Trick: Resource policy Deny beats user policy Allow [OK]
Common Mistakes:
  • Assuming user policy always wins
  • Ignoring resource-based policy effect
  • Thinking account ownership affects deny

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - AWS Cost Explorer basics - Quiz 8hard AWS CLI - CLI output formats (json, table, text) - Quiz 6medium AWS CLI - Installing AWS CLI - Quiz 2easy Cloud Computing Fundamentals - What is cloud computing - Quiz 6medium EC2 Fundamentals - Instance states (running, stopped, terminated) - Quiz 3easy Identity and Access Management - IAM roles concept - Quiz 14medium Identity and Access Management - Multi-factor authentication setup - Quiz 11easy Identity and Access Management - IAM users and groups - Quiz 9hard S3 Fundamentals - S3 versioning - Quiz 11easy Security Groups and Network ACLs - Stateless behavior of NACLs - Quiz 1easy