AWS Certified Cloud Practitioner (CLF-C02) — Question 280
A company has a managed IAM policy that does not grant the necessary permissions for users to accomplish required tasks.
How can this be resolved?
Answer options
- A. Enable AWS Shield Advanced.
- B. Create a custom IAM policy.
- C. Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace.
- D. Use AWS Key Management Service (AWS KMS) to create a customer-managed key.
Correct answer: B
Explanation
When AWS managed policies do not provide the exact permissions required for specific tasks, creating a customer-managed (custom) IAM policy lets the organization define precise, fine-grained permissions. AWS Shield Advanced and AWS WAF rules provide DDoS protection and web application security, respectively, and do not manage IAM user permissions. AWS KMS customer-managed keys are used for data encryption and do not resolve access control gaps in IAM policies.