IAM provides several policy templates you can use to automatically assign permissions to the groups you
create. The _____ policy template gives the Admins group permission to access all account resources, except
your AWS account information
A.
Read Only Access
B.
Power User Access
C.
AWS Cloud Formation Read Only Access
D.
Administrator Access
Explanation:
AWS managed policies are designed to provide permissions for many common use cases. For example, there
are AWS managed policies that define typical permissions for administrators (all access), for power users (all
access except IAM), and for other various levels of access to AWS services. AWS managed policies make it
easier for you to assign appropriate permissions to users, groups, and roles than if you had to write the policies
yourself.
http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
B
No D, read explanation.
Power users are ones who have full access to AWS services but management of IAM users ,groups is not allowed to them.
But root users have access to manage IAM users and groups
Ans Power user
It’s D. It’s not talking about IAM, AWS account information is about account’s contact information, payment currency etc. You don’t need your AWS administrator to access that. But you need them to have all other access, including IAM – ability to create users etc. A power user cannot access IAM at all, but that’s not what the question is asking.
D
https://www.aiotestking.com/amazon/the-_-policy-template-gives-the-admins-group-permission-to-access-all-account-resources-except-your-aws-account-information/
See Vladam’s response:
To clarify the confusion: AWS account information is about account’s contact information, payment currency etc. You don’t need your AWS administrator to access that. But you need them to have all other access, including IAM – ability to create users etc.
This is the whole idea behind the strong recommendation that you create an Administrator level IAM user and always use that account instead of your root account.