Exam AWS Certified Solutions Architect - Professional topic 1 question 730 discussion

Answer: D NotAction + NotResource https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html

Using the "NotResource" element and "Effect": "Deny" in the same statement denies services and resources that are not explicitly listed.

Correct D. NotAction with Deny You can use the NotAction element in a statement with "Effect": "Deny" to deny access to all of the listed resources except for the actions specified in the NotAction element. This combination does not allow the listed items, but instead explicitly denies the actions not listed. You must still allow actions that you want to allow. The following conditional example denies access to non-IAM actions if the user is not signed in using MFA. If the user is signed in with MFA, then the "Condition" test fails and the final "Deny" statement has no effect. Note, however, that this would not grant the user access to any actions; it would only explicitly deny all other actions except IAM actions.

I'll go with C The explicit deny is clearly for S3 and denies access to any bucket that is not Prod. There is nothing here that prevents access to other AWS Services.

100% D

D is correct

Definitely C. The explicit deny is clearly for S3 and denies access to any bucket that is not Prod. There is nothing here that prevents access to other AWS Services.

My Answer: D

D is correct for given scnerio!

It's D

DDD ---

I'll go with D Trick question need to pay attention in the "NotAction" and "NotResources" clauses

Today I learned there is a negate Not- prefix in policy statements 😅 D it is

D is my answer!!

it's D

D https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html

D seems correct