🔥 3-day streak
AWS Certified SysOps Administrator - Associate94 / 150
Question 94 of 150

A SysOps administrator attaches an IAM policy to a group that explicitly allows all Amazon S3 actions on a company data bucket. A separate managed policy attached to one user in that group includes an explicit deny for s3:DeleteObject on the same bucket. When that user attempts to delete an object from the bucket, the action fails. What is the reason for this behavior?

Reviewed for accuracy · Report an issueNext question