AWS Certified Solutions Architect – Professional — Question 193

A user has set the IAM policy where it denies all requests if a request is not from IP 10.10.10.1/32. The other policy says allow all requests between 5 PM to 7
PM.
What will happen when a user is requesting access from IP 55.109.10.12/32 at 6 PM?

Answer options

• A. It will deny access
• B. It is not possible to set a policy based on the time or IP
• C. IAM will throw an error for policy conflict
• D. It will allow access

Correct answer: A

Explanation

The request from IP 55.109.10.12/32 will be denied because the IAM policy explicitly denies all requests that do not come from the specified IP, regardless of the time. The other options are incorrect because time-based policies are valid, IAM does not throw errors for policy conflicts but applies the most restrictive policy, and access cannot be allowed when the IP does not match.