ANS-C01 Network Management and Operations • Set 9
ANS-C01 Network Management and Operations Practice Test 9 — 15 questions with explanations. Free, no signup.
A network engineer created an IAM policy for a user to manage VPC Flow Logs. The user reports they cannot create flow logs and receive an 'AccessDenied' error. What is the MOST likely reason?
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateFlowLogs",
"ec2:DescribeFlowLogs",
"ec2:DeleteFlowLogs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/vpc-flow-logs/*"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::123456789012:role/FlowLogsRole"
}
]
}
```