CLF-C02 Domain 2: Security and Compliance

AWS IAM policy evaluation logic includes:

Multiple choice — select one answer

Answer choices

  1. a. Allowed for a defined list of services under AWS policy
  2. b. Use Explicit deny overrides allow for a related capability, but without meeting the requirement described in the scenario
  3. c. Explicit deny overrides allow
  4. d. S3 has no policies, using shared credentials instead of individual accountability.

Architectural breakdown & explanation

By default requests are denied; explicit allow grants access unless explicit deny exists.

Correct answer(s): c. Explicit deny overrides allow

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.