AWS Certified SysOps Administrator SOA-C01 – Question502

A root AWS account owner has created three IAM users: Bob, John and Michael. Michael is the IAM administrator. Bob and John are not the super users, but users with some pre-defined policies. John does not have access to modify his password. Thus, he asks Bob to change his password. How can Bob change John's password?

A.
This statement is false. Only Michael can change the password for John
B. This is possible if Michael can add Bob to a group which has permissions to modify the IAM passwords
C. It is not possible for John to modify his password
D. Provided Bob is the manager of John

Correct Answer: B

Explanation:

Explanation: Generally, with IAM users, the password can be modified in two ways. The first option is to define the IAM level policy which allows each user to modify their own passwords. The other option is to create a group and create a policy for the group which can change the passwords of various IAM users.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html