Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 22 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02

Question #: 22
Topic #: 1

[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the security engineer adds an additional statement to the bucket policy to allow read-only access to one other employee. Even after updating the policy, the employee sill receives an access denied message.
What is the likely cause of this access denial?

A. The ACL in the bucket needs to be updated.
B. The IAM policy does not allow the user to access the bucket.
C. It takes a few minutes for a bucket policy to take effect.
D. The allow permission is being overridden by the deny.

Show Suggested Answer

Suggested Answer: D 🗳️

by aragon_saa at Oct. 4, 2023, 1:14 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

navid1365

7 months, 2 weeks ago

Selected Answer: D

Explicit deny statements cannot be overridden by allow statements

upvoted 4 times

...

trashbox

1 year ago

Exam on 2023-12-18

upvoted 1 times

...

[Removed]

1 year, 1 month ago

Selected Answer: D

"An explicit deny in any policy overrides any allows." https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow

upvoted 4 times

...