AWS Certified Security – Specialty — Question 76
A company has an encrypted Amazon S3 bucket. An Application Developer has an IAM policy that allows access to the S3 bucket, but the Application Developer is unable to access objects within the bucket.
What is a possible cause of the issue?
Answer options
- A. The S3 ACL for the S3 bucket fails to explicitly grant access to the Application Developer
- B. The AWS KMS key for the S3 bucket fails to list the Application Developer as an administrator
- C. The S3 bucket policy fails to explicitly grant access to the Application Developer
- D. The S3 bucket policy explicitly denies access to the Application Developer
Correct answer: D
Explanation
The correct answer is D: an explicit deny in the S3 bucket policy overrides any permissions granted by the IAM policy. Options A and C describe missing permissions rather than a deny, and option B refers to KMS key management, which is not the direct cause of the access issue in this case.