AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Explanation:

Explanation: An explicit Deny always overrides an Allow. The first statement grants all EC2 actions, but the second explicitly denies terminate and delete, so those two are blocked.

Explanation:

Explanation: An explicit Deny always overrides an Allow. The first statement grants all EC2 actions, but the second explicitly denies terminate and delete, so those two are blocked.

Comments (0)

No comments yet.

Question 2

What is the net effect of the following IAM policy on EC2 actions?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume"],
      "Resource": "*"
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume"],
      "Resource": "*"
    }
  ]
}

Real Exam

Community

RRitesh

Last updated: May 8, 2026 at 17:59

No EC2 actions are allowed

0.0%

All EC2 actions are allowed including terminate and delete

0.0%

All EC2 actions are allowed except TerminateInstances and DeleteVolume

100.0%

Only TerminateInstances and DeleteVolume are allowed