Prev Question
Next Question

A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the
requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?

A.
IAM will throw an error for policy conflict

B.
It is not possible to set a policy based on the time or IP

C.
It will deny access

D.
It will allow access

Explanation:
With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or
denied. The evaluation logic follows these rules:
– By default, all requests are denied. (In general, requests made using the account credentials for resources in the account
are always allowed.)
– An explicit allow policy overrides this default.
– An explicit deny policy overrides any allows.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *