Hello Nikee.
Thank you for your response.
The numbering of the answer options always changes each time you do the test.
Just wanted to confirm. Are you saying that the policy below is the correct answer? This is what the test is telling me is correct.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyOtherRegions",
          "Effect": "Deny",
          "NotAction": [
            "<global services to use>"
          ],
          "Resource": "*",
          "Condition": {
            "StringNotEquals": {
              "aws:RequestedRegion": "ap-southeast-1"
            },
            "ArnNotLike": {
              "aws:PrincipalARN": "arn:aws:iam:::role/TDojoAdminRole"
            }
          }
        }
      ]
    }

I do not agree with the above because it says that the TDojoAdminRole is exempt from that restriction. However, this information is not mentioned in the question.
Instead, I think below is the correct answer.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyOtherRegions",
          "Effect": "Deny",
          "NotAction": [
            "<global services to use>"
          ],
          "Resource": "*",
          "Condition": {
            "StringNotEquals": {
              "aws:RequestedRegion": "ap-southeast-1"
            }
          }
        }
      ]
    }

Please confirm.
Thank you
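
An added example, not part of the original post or the test: a simplified evaluator showing how the two statements above treat the same requests, since every operator inside one `Condition` block must hold for the Deny to apply. The global-services list, the `*` account field in the role pattern, the `DevRole` principal and the account ID are assumptions, because the page elides or omits them.

```python
from fnmatch import fnmatchcase

# Assumptions: the page elides the NotAction list and prints the role ARN
# without an account field, so both values below are constructed stand-ins.
GLOBAL_SERVICES = ["iam:*", "sts:*", "organizations:*"]
ADMIN_ROLE_PATTERN = "arn:aws:iam::*:role/TDojoAdminRole"

def statement(with_role_exemption):
    """Build the DenyOtherRegions statement, with or without ArnNotLike."""
    cond = {"StringNotEquals": {"aws:RequestedRegion": "ap-southeast-1"}}
    if with_role_exemption:
        cond["ArnNotLike"] = {"aws:PrincipalARN": ADMIN_ROLE_PATTERN}
    return {"Sid": "DenyOtherRegions", "Effect": "Deny",
            "NotAction": GLOBAL_SERVICES, "Resource": "*", "Condition": cond}

def operator_holds(operator, key_values, ctx):
    # Simplified matching: exact compare for strings, glob match for ARNs.
    for key, expected in key_values.items():
        if operator == "StringNotEquals" and ctx[key] == expected:
            return False
        if operator == "ArnNotLike" and fnmatchcase(ctx[key], expected):
            return False
    return True

def is_denied(stmt, action, ctx):
    # NotAction: the Deny skips any action matching a listed pattern.
    if any(fnmatchcase(action.lower(), p.lower()) for p in stmt["NotAction"]):
        return False
    # Every operator in the Condition block must hold (logical AND).
    return all(operator_holds(op, kv, ctx)
               for op, kv in stmt["Condition"].items())

def compare(action, region, principal_arn):
    """Return (denied_with_exemption, denied_without_exemption)."""
    ctx = {"aws:RequestedRegion": region, "aws:PrincipalARN": principal_arn}
    return (is_denied(statement(True), action, ctx),
            is_denied(statement(False), action, ctx))

# Constructed principals; 111122223333 is a placeholder account ID.
ADMIN = "arn:aws:iam::111122223333:role/TDojoAdminRole"
DEV = "arn:aws:iam::111122223333:role/DevRole"

if __name__ == "__main__":
    for req in [("ec2:RunInstances", "us-east-1", DEV),
                ("ec2:RunInstances", "us-east-1", ADMIN),
                ("ec2:RunInstances", "ap-southeast-1", DEV),
                ("iam:CreateRole", "us-east-1", DEV)]:
        print(req, compare(*req))
```

The two statements differ only for the admin-role request outside ap-southeast-1: the version with `ArnNotLike` does not deny it, the version without does.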