If you had to pick one topic that test-takers most frequently get wrong on the SCS-C03 exam, it would be IAM policy evaluation logic. The question "Will this request be allowed or denied?" is scattered throughout the exam domains, with all four answer choices appearing plausible and only one correct answer. The reason is that IAM is not a simple ON/OFF switch, but rather a multi-layered decision engine where six types of policies are evaluated simultaneously.
At the Associate level, the simple model of "if IAM policy allows, access is granted" was sufficient