Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 134 discussion

An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket.
Which combination of actions should a solutions architect take to accomplish this? (Choose two.)

  • A. Create a VPC endpoint for Amazon S3.
  • B. Enable server access logging on the bucket.
  • C. Apply a bucket policy to restrict access to the S3 endpoint.
  • D. Add an S3 ACL to the bucket that has sensitive information.
  • E. Restrict users using the IAM policy to use the specific bucket.
Suggested Answer: AC

Comments

SamShah613
Highly Voted 3 years, 8 months ago
I think A and C are the correct answers
upvoted 79 times
...
eug45
Highly Voted 3 years, 8 months ago
A and C are the right options, exam topics please try and make sure answers are right. There are a lot of wrong answers on your website.
upvoted 32 times
gondohwe
3 years, 6 months ago
Yes, most questions are simple but often you get wrong answers... anyway, A and C for this one
upvoted 2 times
...
Liongeek
3 years, 8 months ago
I guess they do it on purpose so we can argue about it :v
upvoted 14 times
newjoinerv2
3 years, 7 months ago
and argue we do lol
upvoted 9 times
...
...
...
BoboChow
Most Recent 2 years, 9 months ago
Why not E?
upvoted 1 times
...
cyno88
3 years ago
Selected Answer: AC
A,C is correct
upvoted 2 times
...
juni_oppa
3 years, 2 months ago
A, C is cor
upvoted 1 times
...
itchi_vo
3 years, 6 months ago
=> A, C https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html
upvoted 2 times
...
Krishna2401
3 years, 7 months ago
Amazon SQS will put all user requests in a queue (FIFO), one job at a time will be picked by Lambda and processed, so system will not execute many jobs at the same time, preventing unresponsiveness. Answer: A and C.
upvoted 2 times
...
woke
3 years, 7 months ago
A and C is correct
upvoted 4 times
...
karthisena
3 years, 7 months ago
Explanation: ACL is a property at object level, not at bucket level. Also, by just adding ACL you can't let the services in VPC allow access to the bucket.
upvoted 3 times
gargaditya
3 years, 6 months ago
Not quite correct, S3 ACLs is a legacy access control mechanism that predates IAM. However, if you already use S3 ACLs and you find them sufficient, there is no need to change. An S3 ACL is a sub-resource that’s attached to every S3 bucket and object. It defines which AWS accounts or groups are granted access and the type of access.
upvoted 2 times
...
...
nickname20212021
3 years, 7 months ago
Passed the exam on 26th June, this question was on my test.
upvoted 6 times
Manisha2020
3 years, 7 months ago
What did you choose?
upvoted 5 times
...
...
nickname20212021
3 years, 7 months ago
Passed the exam on 26th June, this question was on my test.
upvoted 2 times
...
tinyshare
3 years, 7 months ago
C is correct and D is wrong. S3 ACL defines which accounts or groups to have what type of access. It has nothing to do with IP address. On the other hand, S3 bucket can deny all IP access except for particular IP address:

    {
      "Sid": "IPAllow",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
      ],
      "Condition": {
        "NotIpAddress": {"aws:SourceIp": "54.240.143.0/24"}
      }
    }

https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-3
upvoted 6 times
...
KittuCheeku
3 years, 7 months ago
I would opt A & C
upvoted 2 times
...
MyGame
3 years, 7 months ago
By default, all Amazon S3 buckets and objects are private. Only the resource owner which is the AWS account that created the bucket can access that bucket. ANSWER: A+D
upvoted 1 times
...
MyGame
3 years, 7 months ago
ACL manages access to buckets and objects. I would go with A+D
upvoted 1 times
...
syu31svc
3 years, 7 months ago
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html: "You can use Amazon S3 bucket policies to control access to buckets from specific virtual private cloud (VPC) endpoints, or specific VPCs" https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html: "A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS PrivateLink. AWS PrivateLink is a technology that enables you to privately access services by using private IP addresses. Traffic between your VPC and the other service does not leave the Amazon network." A and C
upvoted 9 times
eBooKz
3 years ago
You just made A,C easily believable. Shout out to everyone who cares enough to validate their answers with links.
upvoted 1 times
...
...
Praps1
3 years, 7 months ago
A and C
upvoted 2 times
...
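How options A and C fit together, as an added example that is not part of the thread or of AWS's own code: it builds a bucket policy that denies every request not arriving through one VPC endpoint, and audits a policy document for that restriction. The endpoint ID `vpce-EXAMPLE`, the `Sid`, and all function names are assumptions made for illustration.

```python
BUCKET = "DOC-EXAMPLE-BUCKET"  # bucket name used in the thread
VPCE_ID = "vpce-EXAMPLE"       # placeholder endpoint ID (constructed)

def bucket_arns(bucket):
    """ARNs for the bucket itself and for every object in it."""
    return {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}

def vpce_only_policy(bucket, vpce_id):
    """Option C: deny any S3 request that does not arrive through the
    gateway endpoint created in option A."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpce",  # hypothetical Sid
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": sorted(bucket_arns(bucket)),
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }

# Constructed sample: the IP-based statement quoted earlier in the thread.
IP_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "IPAllow", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": sorted(bucket_arns(BUCKET)),
    "Condition": {"NotIpAddress": {"aws:SourceIp": "54.240.143.0/24"}},
}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def pinned_endpoints(policy, bucket):
    """Endpoint IDs the bucket is pinned to; empty set when no blanket Deny
    keyed on aws:SourceVpce covers both the bucket and its objects.
    Simplification: keys and operators are matched with exact spelling."""
    pinned = set()
    for st in as_list(policy.get("Statement", [])):
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        if (st.get("Effect") == "Deny"
                and st.get("Principal") == "*"
                and "s3:*" in as_list(st.get("Action", []))
                and bucket_arns(bucket) <= set(as_list(st.get("Resource", [])))
                and "aws:SourceVpce" in cond):
            pinned |= set(as_list(cond["aws:SourceVpce"]))
    return pinned

if __name__ == "__main__":
    import json
    print(json.dumps(vpce_only_policy(BUCKET, VPCE_ID), indent=2))
    print(pinned_endpoints(IP_POLICY, BUCKET))  # IP-based policy pins nothing
```

A blanket Deny of this kind also blocks console and administrative requests that do not pass through the endpoint, so confirm the endpoint path works before attaching it.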