AWS Certified Developer - Associate

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private

The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private The first statement denies access to any objects that start with private in the EXAMPLE-BUCKET bucket. The second statement allows PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket. So the net effect is to allow PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private. Incorrect options: The policy provides PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket as well as provides access to all s3 actions on objects starting with private in the EXAMPLE-BUCKET bucket The policy denies PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket These three options contradict the explanation provided above, so these options are incorrect.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

In the context of AWS Identity and Access Management (IAM) policies, consider the following policy attached to a user or role:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": "s3:", "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/private" }, { "Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"] "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/", } ] }

This policy is composed of two statements:

A "Deny" statement that applies to all S3 actions on objects within the path "EXAMPLE-BUCKET/private".

An "Allow" statement that permits the s3:PutObject and s3:GetObject actions on all objects within "EXAMPLE-BUCKET/*".

Based on this information, which of the following statements is correct per the given policy?

Exam-Like

The policy denies PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket

0.0%

The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket as well as provides access to all s3 actions on objects starting with private in the EXAMPLE-BUCKET bucket

11.1%

The policy provides PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket

11.1%

The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private

77.8%