Forum Replies Created

Viewing 1 - 2 of 2 posts

  • AJam

    Member
    March 24, 2024 at 7:34 pm

    Hello. I do not agree with your explanation. We should not be assuming, instead we should use the information that is provided in the question. So, we should not be excluding any roles in the scp.

  • AJam

    Member
    March 18, 2024 at 3:19 pm

    Hello Nikee.

    Thank you for your response.

    The numbering of the answer options always changes each time you do the test.
    Just wanted to confirm. Are you saying that below is the correct answer? This is what the test is telling is correct.

    {
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"DenyOtherRegions",
         "Effect":"Deny",
         "NotAction":[
            " <global services="" to="" use=""> "
         ],
         "Resource":"*",
         "Condition":{
            "StringNotEquals":{
               "aws:RequestedRegion":"ap-southeast-1"
            },
            "ArnNotLike":{
               "aws:PrincipalARN":"arn:aws:iam:::role/TDojoAdminRole"
            }
         }
      }
   ]
}</global>

    I do not agree with the above because it says that the TDoJoAdminRole is exempt from that restriction. However, this information is not mentioned in the question.

    Instead, I think below is the correct answer.

    {
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"DenyOtherRegions",
         "Effect":"Deny",
         "NotAction":[
            " <global services="" to="" use=""> "
         ],
         "Resource":"*",
         "Condition":{
            "StringNotEquals":{
               "aws:RequestedRegion":"ap-southeast-1"
            }
         }
      }
   ]
}</global>

    Please confirm.

    Thank you


Viewing 1 - 2 of 2 posts