Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

🚀 25% OFF All Practice Exams, Video Courses, & eBooks – Cyber Sale Extension!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty Security Speciality Timed mode Diagnostic test – 45 Reply To: Security Speciality Timed mode Diagnostic test – 45

  • Vinod4b9

    Member
    May 18, 2021 at 6:04 pm

    Hi Carlo,

    Thanks for the details here , Actually now i got the solution after looking at solution as below

    The option that says: The SCP does not explicitly allow the required action that would enable the account to create an S3 bucket is correct because the default service policy was changed which means that you would need to explicitly allow your account access to S3 to be able to create buckets. By removing the default FullAWSAccess SCP, all actions for all services are now implicitly denied. To use SCPs as a whitelist, you must replace the AWS-managed FullAWSAccess SCP with an SCP that explicitly permits only those services and actions that you want to allow. Your custom SCP then overrides the implicit Deny with an explicit Allow for only those actions that you want to permit.

    If you look at the highlighted line , I guess now as we remove the default full access , I guess this makes sense now , But I feel that is some thing which you need to update in question also right because how can the user know that you have removed default full access AWS scp here ?

Skip to content