SCS-C03
Identity and Access Management
hard
Question 4 of 40

A team attaches a resource-based policy statement that uses NotPrincipal with Deny to a resource. Some IAM roles with permissions boundaries unexpectedly lose access. According to AWS guidance, what should the team do?

AReplace the statement with ArnNotEquals on the aws:PrincipalArn condition key
BRemove the permissions boundaries from all roles
CConvert the resource-based policy into an SCP
DUse only inline policies on the roles

More Identity and Access Management Questions

40 questions

Full AWS Certified Security - Specialty Practice Test

All topics covered

All AWS Certified Security - Specialty Questions

Browse by topic

Related Questions

Which statement about temporary security credentials from AWS STS is correct?...

easy

What is the primary purpose of a permissions boundary for an IAM user or role?...

easy

A company wants one place to assign permissions to groups of workforce users across multiple AWS acc...

easy

A security team wants to identify Amazon S3 buckets and IAM roles in its organization that are share...

medium

A company enabled an external access analyzer in one AWS Region and expects it to monitor all suppor...

medium
View all Identity and Access Management questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account