Home › AWS Security › cloudcomputing › scsinfraiam › Which IAM feature lets an architect cap the MAXI…
Which IAM feature lets an architect cap the MAXIMUM permissions an entity (user/role) can have — used to safely delegate permission management without granting Admin?
AIAM permissions boundaries
BDisabling IAM entirely
CSharing the root password
DCloudTrail-only auditing
Answer & Solution
Correct answer: A. IAM permissions boundaries
Permissions boundaries cap effective permissions (per SCS-C02 §4.2). The other options are anti-patterns or non-controls.
Related questions
Which AWS service is the customer-identity-and-access-management (CIAM) service for consumWhich AWS service federates corporate identities (Active Directory, Okta, Azure AD) into AWhich AWS service is the canonical identity store for managing IAM users, roles, groups, aWhich AWS feature lets a security engineer trace whether traffic from a source ENI to a deWhich AWS service is the managed stateful firewall for VPC traffic — supporting Suricata-cWhich AWS service provides centralised firewall management — deploying WAF rules, Shield AWhich AWS networking primitive is STATELESS, attached at the subnet level, supports both aWhich AWS networking primitive is STATEFUL, lives at the ENI level, allows traffic by allo