AWS Certified SysOps Administrator – Associate (legacy) — Question 806

AWS IAM permissions can be assigned in two ways:

Answer options

• A. as role-based or as resource-based.
• B. as identity-based or as resource-based.
• C. as security group-based or as key-based.
• D. as user-based or as key-based.

Correct answer: B

Explanation

AWS Identity and Access Management (IAM) policies are broadly categorized into identity-based policies and resource-based policies. Identity-based policies are attached directly to IAM identities like users, groups, or roles, whereas resource-based policies are attached directly to AWS resources such as S3 buckets. Other options, such as security groups or key-based access, refer to different security mechanisms rather than the primary IAM policy types.