Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 248 discussion

A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator has created the following IAM policy to provide access to the bucket and applied that policy to the group. The group is not able to delete objects in the bucket. The company follows least-privilege access rules.

Which statement should a solutions architect add to the policy to correct bucket access?
A.

B.

C.

D.

Suggested Answer: A

Comments

dmscountera
Highly Voted 3 years, 9 months ago
D, least privilege
upvoted 38 times
manan728
3 years, 6 months ago
A similar question with a slight twist in wording was on my test, which I passed on Nov 20 2021. I picked D. Roughly half of the questions are from this 500 examtopics dump. But the other half were unheard-of, new and lengthy ones in my test. Some of those questions had similarities but had twisted options. Good luck y'all.
upvoted 9 times
...
...
leliodesouza
Highly Voted 3 years, 8 months ago
The answer is D.
upvoted 11 times
...
fro13
Most Recent 1 year, 11 months ago
Answer is D
upvoted 1 times
...
MMsdk
2 years, 10 months ago
Answer is D
upvoted 1 times
...
Gomer
3 years, 6 months ago
Answer D that works (adds to existing policy as stated):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket-name>"
      ],
      "Effect": "Allow"
    },
    {
      "Action": "s3:*DeleteObject",
      "Resource": [
        "arn:aws:s3:::<bucket-name>/*"
      ],
      "Effect": "Allow"
    }
  ]
}

("arn:aws:s3:::<bucket-name>/*" <- The policy clause kludge "added" to match the solution (Q248.1) example)
upvoted 1 times
Gomer
3 years, 6 months ago
Which would be more succinctly/intelligently written as:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket-name>",
        "arn:aws:s3:::<bucket-name>/*"
      ]
    }
  ]
}
upvoted 1 times
...
...
KyleZheng
3 years, 7 months ago
D!! Please note, the existing policy is for the bucket, and the architect needs to add another policy for objects, which means for a folder. Select D!
upvoted 7 times
...
Sharan_25_v
3 years, 7 months ago
Answer is right: A. The question is framed well but not the options, even though option "A" is right compared to other options available.
A: Has access to all actions to do with objects in the bucket
B: S3:* is having complete access to the bucket
C: Has access to only delete objects but not list
D: Same as C, can only delete objects but not list
Among A and B, A is the least privileged
upvoted 6 times
virendrapsingh
3 years, 7 months ago
Why do you need List permission to delete an object?
upvoted 1 times
...
akss009
3 years, 7 months ago
D because you need to add to existing policy not replace
upvoted 4 times
...
Kalyankr
3 years, 7 months ago
Are you sure?
upvoted 1 times
...
John129087
3 years, 7 months ago
Looks like some answers here are planted to mislead people
upvoted 1 times
...
...
sreeks2021
3 years, 7 months ago
Everyone agrees on D, but why is the answer still not corrected?
upvoted 6 times
...
Kenzo
3 years, 8 months ago
The answer is D https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html
upvoted 6 times
...
Priyapol26
3 years, 8 months ago
Ans :- D
upvoted 5 times
...
Junyafu
3 years, 8 months ago
D is the most appropriate choice, as shown in the "Allowing an IAM user access to one of your buckets" example on the website below. https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html
upvoted 4 times
...
hassanbsee2071
3 years, 8 months ago
But user is also required to list objects. With D it is not possible so I will go with B
upvoted 3 times
...
AOA
3 years, 8 months ago
A is correct. D won't work because you will need more access than just delete inside the bucket/*
upvoted 1 times
tinyshare
3 years, 7 months ago
Action with wildcard will include: s3:PutObject, s3:GetObject, and s3:DeleteObject which is not the "least-privilege"
upvoted 1 times
...
miniscraper
3 years, 8 months ago
Which statement should a solutions architect ADD to the policy to correct bucket access? Keyword on the question: ADD
upvoted 1 times
...
Gomer
3 years, 6 months ago
The question states that the policy would be added to the existing policy, so D would be the only answer that would add that (though this is a poor example). The best solution would be to just add "bucket-name/*" as a second resource statement in the first policy, but that isn't an option. This is an example where the exam creator is more preoccupied with trying to figure out how to trick you with subtleties rather than just letting you choose a straightforward answer.
upvoted 1 times
Gomer
3 years, 6 months ago
"Resource": [
  "arn:aws:s3:::bucket-name",
  "arn:aws:s3:::bucket-name/*"
],
upvoted 1 times
...
...
...
KK_uniq
3 years, 8 months ago
D will work
upvoted 4 times
...
ansh18061986
3 years, 8 months ago
Will go with 'D'.
upvoted 1 times
...
theEngineer
3 years, 8 months ago
D is the right answer
upvoted 1 times
...
syu31svc
3 years, 8 months ago
A is wrong as action type is invalid
B is wrong since it allows everything
C is wrong as the resource name is incorrect, should be /* after the bucketname
Answer D
upvoted 7 times
...
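Added example, not part of the original thread: a simplified Python model of IAM Allow matching that shows why `s3:DeleteObject` on the bucket ARN never matches an object ARN, and how much each candidate statement grants. The bucket name, object key and the exact form of the candidate statements are assumptions reconstructed from the commenters' descriptions, since the option images are not on the page.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::example-bucket"   # constructed bucket name
OBJ = BUCKET + "/reports/q1.csv"         # constructed object key

# Existing policy as quoted in the thread: both actions on the bucket ARN only.
EXISTING = [{"Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:DeleteObject"],
             "Resource": [BUCKET]}]

# Candidate statements to add (assumed forms, based on the comments).
DELETE_ON_OBJECTS = {"Effect": "Allow", "Action": "s3:DeleteObject",
                     "Resource": [BUCKET + "/*"]}
WILDCARD_ON_OBJECTS = {"Effect": "Allow", "Action": "s3:*Object",
                       "Resource": [BUCKET + "/*"]}
DELETE_ON_BUCKET = {"Effect": "Allow", "Action": "s3:DeleteObject",
                    "Resource": [BUCKET]}

# Requests the group might make: list the bucket, then act on one object.
PROBES = [("s3:ListBucket", BUCKET), ("s3:DeleteObject", OBJ),
          ("s3:GetObject", OBJ), ("s3:PutObject", OBJ)]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allowed(statements, action, resource):
    """Simplified model: Allow statements with '*'/'?' wildcards only.
    Explicit Deny, conditions and resource policies are not modelled."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        # Action names compare case-insensitively; ARNs are case-sensitive.
        action_hit = any(fnmatchcase(action.lower(), p.lower())
                         for p in _as_list(st["Action"]))
        resource_hit = any(fnmatchcase(resource, p)
                           for p in _as_list(st["Resource"]))
        if action_hit and resource_hit:
            return True
    return False


def granted(statements):
    """Return the probe actions that the given statements allow."""
    return [a for a, r in PROBES if allowed(statements, a, r)]


if __name__ == "__main__":
    for name, extra in [("existing only", []), ("+ delete on /*", [DELETE_ON_OBJECTS]),
                        ("+ *Object on /*", [WILDCARD_ON_OBJECTS]),
                        ("+ delete on bucket", [DELETE_ON_BUCKET])]:
        print(f"{name:20} -> {granted(EXISTING + extra)}")
```

Only the object-level `s3:DeleteObject` statement adds delete without also granting read and write on every object.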