Exam AWS Certified Security - Specialty topic 1 question 177 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 177
Topic #: 1

A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the Security Engineer adds an additional statement to the bucket policy to allow read-only access to one other employee. Even after updating the policy, the employee still receives an access denied message.
What is the likely cause of this access denial?

  • A. The ACL in the bucket needs to be updated
  • B. The IAM policy does not allow the user to access the bucket
  • C. It takes a few minutes for a bucket policy to take effect
  • D. The allow permission is being overridden by the deny
Suggested Answer: D
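The scenario in the question, as an added example that is not part of the original page: a simplified Python model of how the statements in one bucket policy combine, showing the deny-all statement overriding the later allow, next to one possible correction that scopes the deny with an `ArnNotEquals` condition on `aws:PrincipalArn`. The account ID, user names and bucket name are constructed placeholders, and the evaluator models only the bucket policy (no IAM policies, ACLs, SCPs or other condition operators).

```python
import fnmatch

# Constructed sample values: account ID, user names and bucket name are placeholders.
EMPLOYEE = "arn:aws:iam::111122223333:user/employee"
OTHER = "arn:aws:iam::111122223333:user/someone-else"
BUCKET = "arn:aws:s3:::example-bucket"
RES = [BUCKET, BUCKET + "/*"]

# The engineer's original statement: deny everything to everyone.
DENY_ALL = {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": RES}
# The statement added a few days later: read-only access for one employee.
ALLOW_READ = {"Effect": "Allow", "Principal": {"AWS": EMPLOYEE},
              "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": RES}
# One possible correction (assumption, not from the page): the deny no longer
# matches the employee, so the allow can take effect.
DENY_OTHERS = dict(DENY_ALL,
                   Condition={"ArnNotEquals": {"aws:PrincipalArn": EMPLOYEE}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource):
    """True if the statement applies to this request (simplified matching)."""
    p = stmt["Principal"]
    if p != "*" and principal not in _as_list(p.get("AWS", [])):
        return False
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only the single condition used above is modelled: the statement is
    # skipped for principals listed under ArnNotEquals / aws:PrincipalArn.
    cond = stmt.get("Condition", {}).get("ArnNotEquals", {})
    excluded = _as_list(cond.get("aws:PrincipalArn", []))
    return principal not in excluded

def evaluate(statements, principal, action, resource):
    """Explicit deny beats allow, regardless of statement order."""
    effects = [s["Effect"] for s in statements
               if _matches(s, principal, action, resource)]
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"
```
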

Comments

rushirajsingh
Highly Voted 3 years, 8 months ago
D https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html "Remember, an explicit deny in any of these policies overrides the allow."
upvoted 21 times
...
kiev
Highly Voted 3 years, 7 months ago
Explicit deny + explicit allow = deny, and therefore D
upvoted 5 times
...
dcasabona
Most Recent 2 years, 10 months ago
Selected Answer: D
The question says "Security Engineer amends the bucket policy to enable one extra employee read-only access", which means an extra section... It means the bucket policy has an extra line to allow permission, but the deny still exists and overwrites the allow....
upvoted 1 times
...
xaocho
2 years, 11 months ago
Selected Answer: D
go to D
upvoted 1 times
...
CollinsWolf
3 years ago
The bucket policy was updated, right? Then the user's IAM policy needs to be upgraded, so C
upvoted 1 times
...
MoreOps
3 years, 1 month ago
Selected Answer: D
Easy D, Bless me with this on my test - Amen
upvoted 3 times
...
ceros399
3 years, 2 months ago
Selected Answer: D
D, as the old deny is still matching every possible user. Even if we have a more specific rule in the policy, the deny always wins!
upvoted 1 times
...
RaySmith
3 years, 3 months ago
D is correct
upvoted 1 times
...
Radhaghosh
3 years, 4 months ago
D is the answer, fundamentals of policy evaluation logic.
upvoted 1 times
...
skipbaylessfor3
3 years, 7 months ago
Is there any reason it can't be A?
upvoted 2 times
skipbaylessfor3
3 years, 7 months ago
Lol, I guess even though I'm not sure about whether A makes sense or not (I think it doesn't, since it's usually used to grant cross-account access), D is the most likely reason, and that's what the question is asking about
upvoted 2 times
...
...
sanjaym
3 years, 7 months ago
D for sure.
upvoted 2 times
...
kely
3 years, 7 months ago
D is correct
upvoted 1 times
...
cbellingerx1
3 years, 7 months ago
It is D, explicit deny!!
upvoted 1 times
...
farziuser
3 years, 7 months ago
D Deny trumps over allow.
upvoted 1 times
...
deegadaze1
3 years, 8 months ago
D- correct
upvoted 1 times
...
Awraith
3 years, 8 months ago
D for sure.
upvoted 1 times
...
sanc
3 years, 8 months ago
D, explicit deny overwrites allow
upvoted 2 times
OhCobblers
3 years, 8 months ago
Sanc - totally right!
upvoted 1 times
...
...