CertPrepNow
AWSSAA-C03100 cards4 domains

SAA-C03 Flashcards

Active recall study cards for the AWS Certified Solutions Architect – Associate exam. Flip each card to reveal the answer, filter by domain, or shuffle for spaced repetition.

0 / 100 cards reviewed0% done
x
Card 1 of 100
secure-architectures

What is the correct order of IAM policy evaluation?

Click to reveal answer

Answer

Explicit Deny always wins first. Then Organizations SCP (and RCP if configured). Then resource-based policy (grants access within same account alone). Then identity-based policy (limited by permissions boundary). Finally, implicit Deny if no Allow applies. Cross-account access requires BOTH a resource-based and identity-based policy to allow.

Click to flip back

Tip: Use Space to flip, / to navigate

Ready for the real thing?

Take a timed SAA-C03mock exam to test what you've learned.