AWS Certified Solutions Architect – Professional SAP-C01 – Question730

The following AWS Identity and Access Management (IAM) customer managed policy has been attached to an IAM user:

Which statement describes the access that this policy provides to the user?

A.
The policy grants access to all Amazon S3 actions, including all actions in the prod-data S3 bucket
B. This policy denies access to all Amazon S3 actions, excluding all actions in the prod-data S3 bucket
C. This policy denies access to the Amazon S3 bucket and objects not having prod-data in the bucket name
D. This policy grants access to all Amazon S3 actions in the prod-data S3 bucket, but explicitly denies access to all other AWS services

Correct Answer: D