What is the result of the following bucket policy?
{
"Statement": [
{
"Sid": "Sid1",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucket/*.",
"Principal": {
{"AWS": ["arn:aws:iam::111111111:user/mark"]}
}
},
{
"Sid": "Sid2",
"Action": "s3:*",
"Effect": "Deny",
"Resource": "arn:aws:s3:::mybucket/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
Choose the correct answer:
 

Answer options:

A.It will allow all access to the bucket mybucket.
B.It will allow the user mark from AWS account number 111111111 all access to the bucket but deny everyone else all access to the bucket.
C.It will deny all access to the bucket objects under mybucket.
D.None of these.

Answer: C
Option A is incorrect because the policy consists of 2 statements, one is the allow for the user mark to access the bucket, and the next is the deny policy for all users. The deny permission will override the allow, and hence all users will not have access to the bucket.
Option B is incorrect because deny policy will take the preference and deny access to all the bucket`s objects. This will overrule the allow access for user mark.
Option C is CORRECT because deny policy will take the preference and deny access for everyone.
Option D is incorrect because Option C is correct.
For examples on S3 bucket policies, please refer to the below Link:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html