AmazonAmazon
SCS-C02 · Question #4
SCS-C02 Question #4: Real Exam Question with Answer & Explanation
The correct answer is D: The allow permission is being overridden by the deny.. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation- logic.html#policy-eval-denyallow
Submitted by andreas_gr· Mar 6, 2026
Question
A security engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the security engineer adds an additional statement to the bucket policy to allow read- only access to one other employee. Even after updating the policy, the employee sill receives an access denied message. What is the likely cause of this access denial?
Options
- AThe ACL in the bucket needs to be updated.
- BThe IAM policy does not allow the user to access the bucket.
- CIt takes a few minutes for a bucket policy to take effect.
- DThe allow permission is being overridden by the deny.
Explanation
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation- logic.html#policy-eval-denyallow
Community Discussion
No community discussion yet for this question.