ACorrect
An IAM policy
Correct. An IAM policy is a JSON document that defines which actions are allowed (Allow) or denied (Deny) on which resources. It is attached to users, groups, or roles to control who can do what.
In IAM, what is the JSON-format document that defines which users or roles are allowed or denied specific actions on specific AWS resources?
1 / 1
Select an answer
CorrectA
Explanation
Identify the name of the JSON document that defines permissions (IAM policy).
- 1「allowed or denied specific actions」Defining Allow/Deny = a policy
- 2「JSON-format document」Policies are written in JSON
- 3「specific AWS resources」A permission definition that specifies target resources
BIncorrect
A security group
A security group is a virtual firewall that controls inbound and outbound traffic (ports and IP addresses) to instances.
It is not a JSON document that defines Allow/Deny for AWS API operations, so this is incorrect.
CIncorrect
The root user
The root user is a concept referring to the highest-level account created when an AWS account is set up. It is not a document that defines permissions.
The term type is different, so this is incorrect.
DIncorrect
An access key
An access key is a credential (ID and secret) used for programmatic authentication.
It is not a document that defines Allow/Deny for operations, so this is incorrect.
Key Takeaway
IAM components: user / group / role (who) and policy (a JSON that defines what they can do). 'A JSON that defines Allow/Deny' = policy. Do not confuse with a security group (which controls network traffic).