DOP-C02
Configuration Management and IaC
hard
Question 4 of 37

A role has an identity-based policy that allows IAM administration, but the same role also has a permissions boundary that allows only Amazon S3, CloudWatch, and Amazon EC2 actions. What is the result?

AThe role can administer IAM because identity-based policies always override boundaries
BThe role can use only actions allowed by both the identity-based policy and the permissions boundary
CThe role loses all permissions because boundaries disable identity-based policies
DThe role gains the union of both policy documents

More Configuration Management and IaC Questions

37 questions

Full AWS Certified DevOps Engineer - Professional Practice Test

All topics covered

All AWS Certified DevOps Engineer - Professional Questions

Browse by topic

Related Questions

An engineering team must create, update, and delete the same CloudFormation stacks across multiple A...

easy

A platform administrator wants to let teams attach identity-based policies to roles but still enforc...

easy

A fleet operations team wants a secure, scalable configuration management service that keeps managed...

medium

An operations lead needs to choose between State Manager and Maintenance Windows for recurring node ...

medium

A patching team wants to check which managed nodes are missing updates before deciding whether to in...

medium
View all Configuration Management and IaC questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account