A platform administrator wants to let teams attach identity-based policies to roles but still enforce an upper limit on what those roles can ever do. Which IAM feature should be used?

AA service control policy only

BA permissions boundary

CA resource-based policy on every target resource

DAn EventBridge event pattern

More Configuration Management and IaC Questions

37 questions

Full AWS Certified DevOps Engineer - Professional Practice Test

All topics covered

All AWS Certified DevOps Engineer - Professional Questions

Browse by topic

Related Questions

An engineering team must create, update, and delete the same CloudFormation stacks across multiple A...

easy

A fleet operations team wants a secure, scalable configuration management service that keeps managed...

medium

An operations lead needs to choose between State Manager and Maintenance Windows for recurring node ...

medium

A patching team wants to check which managed nodes are missing updates before deciding whether to in...

medium

An organization wants the recommended way to configure recurring patching across all accounts in all...

medium

View all Configuration Management and IaC questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.