ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 499 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 499
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A security engineer is configuring AWS Config for an AWS account that uses a new 1AM entity. When the security engineer tries to configure AWS Config rules and automatic remediation options, errors occur. In the AWS CloudTrail logs, the security engineer sees the following error message: "Insufficient delivery policy to s3 bucket: DOC-EXAMPLE-BUCKET, unable to write to bucket, provided s3 key prefix is 'null'."

Which combination of steps should the security engineer take to remediate this issue? (Choose two.)

  • A. Check the Amazon S3 bucket policy. Verify that the policy allows the config.amazonaws.com service to write to the target bucket.
  • B. Verify that the IAM entity has the permissions necessary to perform the s3:GetBucketAcl and s3:PutObject* operations to write to the target bucket.
  • C. Verify that the Amazon S3 bucket policy has the permissions necessary to perform the s3:GetBucketAcl and s3:PutObject* operations to write to the target bucket.
  • D. Check the policy that is associated with the IAM entity. Verify that the policy allows the config.amazonaws.com service to write to the target bucket.
  • E. Verify that the AWS Config service role has permissions to invoke the BatchGetResourceConfig action instead of the GetResourceConfigHistory action and s3:PutObject* operation.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by cloudenthusiast at June 2, 2023, 9:10 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Noexperience
1 year, 8 months ago
Selected Answer: AD
The issue seems more related to the S3 bucket policy not allowing AWS Config's service to write, so focusing on the bucket policy and the associated IAM entity's policy would be more relevant.
upvoted 1 times
...
6_8ftwin
1 year, 10 months ago
Selected Answer: AB
https://repost.aws/knowledge-center/config-console-error
upvoted 3 times
...
cloudenthusiast
1 year, 11 months ago
Selected Answer: AB
A. Check the Amazon S3 bucket policy: Verify that the policy allows the config.amazonaws.com service to write to the target bucket. Make sure the necessary permissions are granted in the bucket policy to allow AWS Config to write configuration items to the bucket. B. Verify that the IAM entity has the permissions necessary to perform the s3:GetBucketAcl and s3:PutObject* operations to write to the target bucket. Ensure that the IAM entity associated with AWS Config has the required permissions to access and write to the bucket. By checking and adjusting the permissions in both the Amazon S3 bucket policy and the IAM entity policy, the security engineer can resolve the error and allow AWS Config to write to the specified S3 bucket.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago