AWS Certified Solutions Architect – Professional — Question 507
If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any ______ instructions that would apply to the request.
Answer options
- A. "cancel"
- B. "suspend"
- C. "allowג€
- D. "valid"
Correct answer: C
Explanation
AWS IAM policy evaluation operates on a default-deny basis. If no explicit deny is found in the applicable policies, the enforcement engine searches for at least one explicit 'allow' statement to authorize the request; without it, the request is implicitly denied.