Exam AWS Certified Security - Specialty topic 1 question 222 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 222
Topic #: 1

A company is using AWS Organizations to manage multiple AWS accounts. The company has an application that allows users to assume the AppUser IAM role to download files from an Amazon S3 bucket that is encrypted with an AWS KMS CMK. However, when users try to access the files in the S3 bucket, they get an access denied error.
What should a security engineer do to troubleshoot this error? (Choose three.)

  • A. Ensure the KMS policy allows the AppUser role to have permission to decrypt for the CMK.
  • B. Ensure the S3 bucket policy allows the AppUser role to have permission to get objects for the S3 bucket.
  • C. Ensure the CMK was created before the S3 bucket.
  • D. Ensure the S3 block public access feature is enabled for the S3 bucket.
  • E. Ensure that automatic key rotation is disabled for the CMK.
  • F. Ensure the SCPs within Organizations allow access to the S3 bucket.
Suggested Answer: ABF

Comments

DayQuil
Highly Voted 3 years, 9 months ago
A, B, and F.
upvoted 29 times
viestner
Highly Voted 3 years, 9 months ago
ABF for me
upvoted 11 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: ABF
ABF are the right answers.
upvoted 1 times
samCarson
2 years ago
Selected Answer: ABF
A. Ensure the KMS policy allows the AppUser role to have permission to decrypt for the CMK: The KMS policy must grant the AppUser role the necessary permissions to decrypt data using the CMK. If this permission is missing, users will encounter an access denied error when attempting to download files from the S3 bucket.

B. Ensure the S3 bucket policy allows the AppUser role to have permission to get objects for the S3 bucket: The S3 bucket policy needs to include the necessary permissions for the AppUser role to retrieve objects from the bucket.

F. Ensure the SCPs within Organizations allow access to the S3 bucket: If there are Service Control Policies (SCPs) defined within AWS Organizations that restrict access to the S3 bucket, the AppUser role might be affected. It's important to verify that the SCPs allow the required access to the S3 bucket for the AppUser role to avoid access denied errors.
upvoted 1 times
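
The three checks in answers A, B and F, as an added example that is not part of the original discussion: a simplified Python model that evaluates constructed SCP, bucket policy and key policy documents and reports which layer fails to allow the download. The account ID, bucket name, key ID placeholder and the KeyAdmin role are made up for the sample, and the evaluator ignores conditions, Not* elements and identity-based policies.

```python
from fnmatch import fnmatchcase

ROLE = "arn:aws:iam::111122223333:role/AppUser"       # constructed sample values
OBJ = "arn:aws:s3:::example-bucket/report.csv"
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder key id

def _list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy, action, resource, principal=None):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one policy document.
    Simplified: ignores Condition, NotAction, NotResource, NotPrincipal."""
    result = "ImplicitDeny"
    for st in _list(policy["Statement"]):
        if not any(fnmatchcase(action.lower(), a.lower()) for a in _list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _list(st["Resource"])):
            continue
        if "Principal" in st:                 # resource-based policy (bucket or key)
            p = st["Principal"]
            arns = ["*"] if p == "*" else _list(p.get("AWS", []))
            if "*" not in arns and principal not in arns:
                continue
        if st["Effect"] == "Deny":
            return "Deny"                     # explicit deny always wins
        result = "Allow"
    return result

def troubleshoot(scp, bucket_policy, key_policy):
    """Return the layers (labelled by answer option) that do not allow the download."""
    results = {
        "F: SCP": evaluate(scp, "s3:GetObject", OBJ),
        "B: S3 bucket policy": evaluate(bucket_policy, "s3:GetObject", OBJ, ROLE),
        "A: KMS key policy": evaluate(key_policy, "kms:Decrypt", KEY, ROLE),
    }
    return {layer: r for layer, r in results.items() if r != "Allow"}

def stmt(effect, action, resource, principal=None):
    s = {"Effect": effect, "Action": action, "Resource": resource}
    if principal:
        s["Principal"] = {"AWS": principal}
    return s

SCP = {"Statement": [stmt("Allow", "*", "*")]}
BUCKET = {"Statement": [stmt("Allow", "s3:GetObject", "arn:aws:s3:::example-bucket/*", ROLE)]}
# Key policy that names only a hypothetical KeyAdmin role, so AppUser cannot decrypt.
KEY_BAD = {"Statement": [stmt("Allow", "kms:Decrypt", "*", "arn:aws:iam::111122223333:role/KeyAdmin")]}
KEY_OK = {"Statement": KEY_BAD["Statement"] + [stmt("Allow", "kms:Decrypt", "*", ROLE)]}

if __name__ == "__main__":
    print(troubleshoot(SCP, BUCKET, KEY_BAD))   # key policy is the failing layer
    print(troubleshoot(SCP, BUCKET, KEY_OK))    # nothing left to fix
```
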
pal40sg
2 years, 1 month ago
Selected Answer: ABF
agree with - ABF
upvoted 1 times
robertohyena
2 years, 6 months ago
Selected Answer: ABF
A B F are the right answers
upvoted 1 times
sapien45
2 years, 10 months ago
Selected Answer: ABF
Filter out nonsense questions
upvoted 2 times
Senthil_SPM
1 year, 9 months ago
Yes, I too shortlisted the answers the same way
upvoted 1 times
lotfi50
3 years ago
Selected Answer: ABF
A, B, and F.
upvoted 1 times
skipbaylessfor3
3 years, 8 months ago
Yeah I also think it's ABF
C - I don't think this matters at all
D - If anything, I think you actually want the opposite of this
E - Key rotation shouldn't affect key access
upvoted 3 times
eskimolander
3 years, 8 months ago
A, B and F. But D could also be as explained here, no? https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/
upvoted 2 times
Daniel76
3 years, 8 months ago
D - said "ensure" block public access so that user can access s3, while the knowledge centre link you provided indicates the opposite - that block public access is the possible cause of s3 access error.
upvoted 1 times
sanjaym
3 years, 8 months ago
ABF without doubt.
upvoted 3 times
Larsson
3 years, 8 months ago
ABF of course. Who chooses anything else...
upvoted 2 times
cldy
3 years, 9 months ago
A.B.F.
upvoted 5 times