PCCSE · Question #245
Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three.)
The correct answer is A. AWS IAM group B. AWS IAM role C. AWS service control policies (SCPs). Prisma Cloud's Cloud Infrastructure Entitlement Management (CIEM) calculates net effective permissions by combining multiple layers of AWS access controls: (A) AWS IAM Groups - users inherit permissions from any groups they belong to; (B) AWS IAM Roles - roles have attached polic
Question
Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three.)
Options
- AAWS IAM group
- BAWS IAM role
- CAWS service control policies (SCPs)
- DAWS IAM tag policy
- EAWS IAM User
How the community answered
(35 responses)- A89% (31)
- D9% (3)
- E3% (1)
Explanation
Prisma Cloud's Cloud Infrastructure Entitlement Management (CIEM) calculates net effective permissions by combining multiple layers of AWS access controls: (A) AWS IAM Groups - users inherit permissions from any groups they belong to; (B) AWS IAM Roles - roles have attached policies and can be assumed to grant permissions; and (C) AWS Service Control Policies (SCPs) - these are organization-level guardrails that set the maximum permission boundary, and they are essential for determining what is actually allowed versus what appears granted. Option D (IAM tag policies) govern how tags are used but do not grant or deny API permissions. Option E (IAM User) is an identity type, but for net effective permissions calculation the focus is on groups and roles that aggregate permissions - users alone are not one of the three primary policy/identity inputs.
Topics
Community Discussion
No community discussion yet for this question.