Question 301:
An ex-employee working with a start-up firm has applied the following policy to IAM users in the Development team. A Junior engineer is looking for permission which will be granted with this policy so that the same policy can be replicated to other users in this team.
Which statement is true concerning permission granted with this policy?
{
"Version": "2012-10-17",
"Statement": [
{ "Effect": "Deny",
"Action": ["cloudtrail:*"],
"NotResource": [
"arn:aws:cloudtrail:us-west-1:111111222222:trail/TEST-TRAIL"]
}
]
}
Answer options:
A.Users will be explicitly denied performing any actions on CloudTrail except on Trail with the name as TEST-TRAIL created in the us-west-1 region. B.Users will be explicitly denied for any actions on CloudTrail. C.Users will be permitted to perform all actions on CloudTrail except on Trial with the name as TEST-TRAIL created in the us-west-1 region. D.Only User 111111222222 will be able to perform CloudTrail actions and all other users will be denied performing any actions on CloudTrail.