{"id":490,"date":"2021-01-08T06:37:20","date_gmt":"2021-01-08T06:37:20","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/aws-certified-sysops-administrator-soa-c01-question483\/"},"modified":"2021-01-08T06:37:20","modified_gmt":"2021-01-08T06:37:20","slug":"aws-certified-sysops-administrator-soa-c01-question483","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/aws-certified-sysops-administrator-soa-c01-question483\/","title":{"rendered":"AWS Certified SysOps Administrator SOA-C01 &#8211; Question483"},"content":{"rendered":"<div class=\"question\">An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3 bucket, while another policy denies him the access. Can the user access that bucket? <br \/><strong><br \/>A.<\/strong> Yes, always <br \/><strong>B.<\/strong> No <br \/><strong>C.<\/strong> Yes, provided he accesses with the group which has S3 access <br \/><strong>D.<\/strong> Yes, but just read only access of the bucket<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>B<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nExplanation: When a request is made, the AWS IAM policy decides whether a given request should be allowed or denied. The evaluation logic follows these rules: By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.) An explicit allow policy overrides this default. An explicit deny policy overrides any allows. In this case since there is an explicit deny policy, it will over ride everything and the request will be denied. Reference:<br \/>\n<a href=\"http:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/AccessPolicyLanguage_EvaluationLogic.html\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/AccessPolicyLanguag&#8230;<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3 bucket, while another policy denies him the access. Can the user access that bucket? A. Yes, always B. No C. Yes, provided he accesses with the group which has S3 access D. Yes, but [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,486],"class_list":["post-490","post","type-post","status-publish","format-standard","hentry","category-aws-certified-sysops-administrator-soa-c01","tag-aws-certified-sysops-administrator-soa-c01","tag-question-483"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/posts\/490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/comments?post=490"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/posts\/490\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/media?parent=490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/categories?post=490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/SysOps_Administrator_SOA-C01\/wp-json\/wp\/v2\/tags?post=490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}