AWS Certified SysOps Administrator – Associate (legacy) — Question 788

A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the IAM administrator. Bob and John are not the super users, but users with some pre-defined policies. John does not have access to modify his password. Thus, he asks Bob to change his password. How can Bob change
John's password?

Answer options

• A. This statement is false. Only Michael can change the password for John
• B. This is possible if Michael can add Bob to a group which has permissions to modify the IAM passwords
• C. It is not possible for John to modify his password
• D. Provided Bob is the manager of John

Correct answer: B

Explanation

In AWS IAM, permissions are explicitly defined by policies. For Bob to modify John's password, Bob must be granted the necessary IAM permissions (such as updating login profiles), which Michael, as the administrator, can delegate by adding Bob to a group with the appropriate policies. Organizational roles like being a manager do not automatically grant technical permissions in AWS.