AWS Certified Solutions Architect – Professional — Question 120
The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ________ translates to everyone except the specified entity.
Answer options
- A. NotPrincipal
- B. Vendor
- C. Principal
- D. Action
Correct answer: A
Explanation
The correct answer is A (NotPrincipal) because it defines entities that are explicitly denied permissions, contrasting with the Principal element that specifies who is granted permissions. Options B (Vendor) and D (Action) do not relate to defining access control based on exclusion, and option C (Principal) pertains to the entity being granted or denied permissions rather than those being excluded.