nerdexam
Palo_Alto_Networks

PCCSE · Question #245

Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three.)

The correct answer is A. AWS IAM group B. AWS IAM role C. AWS service control policies (SCPs). Prisma Cloud's Cloud Infrastructure Entitlement Management (CIEM) calculates net effective permissions by combining multiple layers of AWS access controls: (A) AWS IAM Groups - users inherit permissions from any groups they belong to; (B) AWS IAM Roles - roles have attached polic

Cloud Infrastructure Entitlement Management (CIEM)

Question

Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three.)

Options

  • AAWS IAM group
  • BAWS IAM role
  • CAWS service control policies (SCPs)
  • DAWS IAM tag policy
  • EAWS IAM User

How the community answered

(35 responses)
  • A
    89% (31)
  • D
    9% (3)
  • E
    3% (1)

Explanation

Prisma Cloud's Cloud Infrastructure Entitlement Management (CIEM) calculates net effective permissions by combining multiple layers of AWS access controls: (A) AWS IAM Groups - users inherit permissions from any groups they belong to; (B) AWS IAM Roles - roles have attached policies and can be assumed to grant permissions; and (C) AWS Service Control Policies (SCPs) - these are organization-level guardrails that set the maximum permission boundary, and they are essential for determining what is actually allowed versus what appears granted. Option D (IAM tag policies) govern how tags are used but do not grant or deny API permissions. Option E (IAM User) is an identity type, but for net effective permissions calculation the focus is on groups and roles that aggregate permissions - users alone are not one of the three primary policy/identity inputs.

Topics

#AWS IAM#Effective Permissions#Service Control Policies#Access Control

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice