A solutions architect created two IAM policies named Policy1 and Policy2 and attached them to an IAM group. A cloud engineer is added as an IAM user to that group. Which action will the cloud engineer be able to perform?
Choose an answer
Tap an option to check your answer.
Correct answer: Deleting Amazon EC2 instances.
Why this is the answer
The cloud engineer's permissions are determined by the combination of all policies attached to their IAM user, or to any groups they belong to. In this scenario, the engineer is part of a group with Policy1 and Policy2. To determine what action the engineer can perform, you would need to examine the specific permissions granted by Policy1 and Policy2. Since "Deleting Amazon EC2 instances" is the correct answer, it implies that at least one of these policies explicitly grants the ec2:TerminateInstances permission (or a broader permission that includes it, like ec2:). The other options are incorrect because the policies attached to the group do not grant permissions for deleting IAM users (iam:DeleteUser), deleting directories (which is not a direct AWS service action, but might relate to S3 objects or EFS files, requiring specific S3 or EFS delete permissions), or deleting CloudWatch Logs (logs:DeleteLogGroup or logs:DeleteLogStream). Without seeing the actual policy documents, we infer the correct action based on the provided answer.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed