Which statement regarding AWS IAM policies is true?


Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

The true statement is that resource-based policies are attached to resources and grant permissions. Resource-based policies, such as those associated with S3 buckets or AWS Lambda functions, allow you to define who can access the resource and what actions they can perform. This is key for scenarios where you want to control access across different AWS accounts or put restrictions on specific actions that can be performed on a resource.

By using resource-based policies, you can grant permission to other AWS accounts or services, delivering a flexible way to manage access control beyond just user or group contexts. This capability supports best practices in security by allowing fine-grained access control directly associated with resources rather than relying solely on identity-based policies, which are attached to IAM users or groups.
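The cross-account grant described above is visible in the policy document itself: a resource-based policy names a Principal, while an identity-based policy does not. The following is an added example, not part of the original quiz explanation, that tells the two apart and lists every Allow statement in a bucket policy that reaches outside the owning account. The account IDs, bucket name, and function names are constructed placeholders.

```python
import json

# Constructed sample bucket policy; account IDs and bucket name are placeholders.
BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OwnRole", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:role/app"]},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Public", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/public/*"}
  ]}""")

# Constructed identity-based policy: no Principal, the attached identity is implied.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example-bucket"}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_resource_based(policy):
    """Resource-based policies name a Principal; identity-based ones do not."""
    return any("Principal" in s or "NotPrincipal" in s
               for s in _as_list(policy["Statement"]))

def external_grants(policy, owner_account):
    """List (sid, principal, actions) for Allow statements reaching outside
    owner_account. Condition keys are not evaluated, so treat hits as leads."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        principal = stmt["Principal"]
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            # An AWS principal is "*", a bare 12-digit account ID, or an ARN
            # whose fifth colon-separated field is the account ID.
            account = p.split(":")[4] if p.startswith("arn:") else p
            if account != owner_account:
                findings.append((stmt.get("Sid", ""), p, _as_list(stmt.get("Action", []))))
    return findings

if __name__ == "__main__":
    for finding in external_grants(BUCKET_POLICY, "111122223333"):
        print(finding)
```

Service, Federated, and CanonicalUser principals are ignored here; a fuller review would report those as well.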

The other choices do not accurately represent how IAM policies work. For instance, inline policies are specific to an individual user or group and do not apply to all users under an AWS account; rather, they are unique to the entity they are attached to. IAM policies can include both AWS managed policies and customer managed policies, so the notion that they can only consist of AWS managed policies is incorrect. Lastly, user-based policies (identity-based policies) can indeed provide granularity by specifying exactly which actions are