SCS-C02 · Question #320
SCS-C02 Question #320: Real Exam Question with Answer & Explanation
The correct answer is B: An Inline Policy. The AWS Documentation gives an example on such a case Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that if s applied to. For example, you want to be sure that the permissions in a policy are not inad
Question
You have a vendor that needs access to an AWS resource. You create an AWS user account. You want to restrict access to the resource using a policy for just that user over a brief period. Which of the following would be an ideal policy to use?
Options
- AAn AWS Managed Policy
- BAn Inline Policy
- CA Bucket Policy
- DA bucket ACL
Explanation
The AWS Documentation gives an example on such a case Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that if s applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to a principal entity other than the one they're intended for. When you use an inline policy, the permissions in the policy cannot be inadvertently attached to the wrong principal entity. In addition, when you use the AWS Management Console to delete that principal entit the policies embedded in the principal entity are deleted as well. That's because they are part of the principal entity. Option A is invalid because AWS Managed Polices are ok for a group of users, but for individual users, inline policies are better. Option C and D are invalid because they are specifically meant for access to S3 buckets
Community Discussion
No community discussion yet for this question.