exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 730 discussion

The following AWS Identity and Access Management (IAM) customer managed policy has been attached to an IAM user:

Which statement describes the access that this policy provides to the user?

  • A. The policy grants access to all Amazon S3 actions, including all actions in the prod-data S3 bucket
  • B. This policy denies access to all Amazon S3 actions, excluding all actions in the prod-data S3 bucket
  • C. This policy denies access to the Amazon S3 bucket and objects not having prod-data in the bucket name
  • D. This policy grants access to all Amazon S3 actions in the prod-data S3 bucket, but explicitly denies access to all other AWS services
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
beebatov
Highly Voted 3 years, 2 months ago
Answer: D NotAction + NotResource https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html
upvoted 13 times
...
davidy2020
Most Recent 1 year, 10 months ago
Using the "NotResource" element and "Effect": "Deny" in the same statement denies services and resources that are not explicitly listed.
upvoted 1 times
...
ggrodskiy
1 year, 11 months ago
Correct D. NotAction with Deny You can use the NotAction element in a statement with "Effect": "Deny" to deny access to all of the listed resources except for the actions specified in the NotAction element. This combination does not allow the listed items, but instead explicitly denies the actions not listed. You must still allow actions that you want to allow. The following conditional example denies access to non-IAM actions if the user is not signed in using MFA. If the user is signed in with MFA, then the "Condition" test fails and the final "Deny" statement has no effect. Note, however, that this would not grant the user access to any actions; it would only explicitly deny all other actions except IAM actions.
upvoted 1 times
...
evargasbrz
1 year, 11 months ago
Selected Answer: C
I'll go with C The explicit deny is clearly for S3 and denies access to any bucket that is not Prod. There is nothing here that prevents access to other AWS Services.
upvoted 1 times
Jesuisleon
1 year, 6 months ago
I chose C at first without noticing "NoAction:s3:*", clearly this denys all other aws services, D is correct.
upvoted 1 times
...
...
TechX
2 years, 5 months ago
Selected Answer: D
100% D
upvoted 1 times
...
yacin
2 years, 9 months ago
D is correct
upvoted 1 times
...
jyrajan69
2 years, 9 months ago
Definitely C. The explicit deny is clearly for S3 and denies access to any bucket that is not Prod. There is nothing here that prevents access to other AWS Services.
upvoted 2 times
...
challenger1
2 years, 12 months ago
My Answer: D
upvoted 1 times
...
AzureDP900
3 years ago
Selected Answer: D
D is correct for given scnerio!
upvoted 1 times
...
andylogan
3 years, 1 month ago
It's D
upvoted 1 times
...
tgv
3 years, 1 month ago
DDD ---
upvoted 1 times
...
WhyIronMan
3 years, 1 month ago
I'll go with D Trick question need to pay attention in the "NotAction" and "NotResources" clauses
upvoted 3 times
...
vimgoru24
3 years, 2 months ago
Today I learned there is a negate Not- prefix in policy statements 😅 D it is
upvoted 3 times
...
hk436
3 years, 2 months ago
D is my answer!!
upvoted 1 times
...
Waiweng
3 years, 2 months ago
it's D
upvoted 3 times
...
ExtHo
3 years, 2 months ago
D https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
upvoted 3 times
...
gsw
3 years, 2 months ago
D seems correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...