Exam AWS Certified Security - Specialty topic 1 question 78 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 78
Topic #: 1

A Systems Administrator has written the following Amazon S3 bucket policy designed to allow access to an S3 bucket for only an authorized AWS IAM user from the IP address range 10.10.10.0/24:

When trying to download an object from the S3 bucket from 10.10.10.40, the IAM user receives an access denied message.
What does the Administrator need to change to grant access to the user?

  • A. Change the "Resource" from "arn:aws:s3:::Bucket" to "arn:aws:s3:::Bucket/*".
  • B. Change the "Principal" from "*" to {AWS:"arn:aws:iam::account-number:user/username"}
  • C. Change the "Version" from "2012-10-17" to the last revised date of the policy
  • D. Change the "Action" from ["s3:*"] to ["s3:GetObject", "s3:ListBucket"]
Suggested Answer: A

Comments

ramozo
Highly Voted 3 years, 8 months ago
Yes, it is A. https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
upvoted 12 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: A
Correct answer is A, but it is worth mentioning that the "aws:SourceIP" condition element only accepts public IPs!
upvoted 1 times
...
ITGURU51
2 years, 1 month ago
The /* parameter is necessary to grant access to an S3 bucket so A.
upvoted 2 times
...
arae
2 years, 8 months ago
Answer is A, because we have to specify the folders or files that we want the users to access. In this case it says it wants the users to access the bucket, so adding /* after Bucket allows the users to access what's inside the bucket.
upvoted 2 times
...
dcasabona
2 years, 11 months ago
Selected Answer: A
A as well.
upvoted 1 times
...
sapien45
2 years, 11 months ago
Selected Answer: A
The Resource element specifies arn:aws:s3:::test for the ListBucket action. The Resource element specifies arn:aws:s3:::test/* for the GetObject, PutObject, and DeleteObject actions so that applications can read, write, and delete any objects in the test bucket.
upvoted 3 times
...
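The bucket-ARN versus object-ARN split discussed in this thread can be checked mechanically. The following is an added example, not part of the original page or of any commenter's post: the policy is constructed from the values named in the answer options (it is not the exam's exhibit), the `ACTIONS` table is an illustrative subset, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy modelled on the answer options above; not the exam's exhibit.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:*"],
    "Resource": "arn:aws:s3:::Bucket",
    "Condition": {"IpAddress": {"aws:SourceIp": "10.10.10.0/24"}}
  }]
}
""")

# Illustrative subset of S3 actions, grouped by the resource type they are checked against.
ACTIONS = {
    "bucket": ["s3:ListBucket", "s3:GetBucketLocation"],
    "object": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_kinds(arn):
    """Resource types an S3 ARN pattern can match: bucket, object, or both."""
    name = arn.split(":::", 1)[-1]
    if "/" in name:
        return {"object"}
    # A wildcard with no "/" (e.g. "*" or "Bucket*") also spans object keys.
    return {"bucket", "object"} if "*" in name else {"bucket"}

def uncovered_actions(statement):
    """Actions the statement names but whose resource type no Resource entry matches."""
    kinds = set().union(*(resource_kinds(r) for r in as_list(statement["Resource"])))
    patterns = [p.lower() for p in as_list(statement["Action"])]
    return [a for kind, names in ACTIONS.items() if kind not in kinds
            for a in names if any(fnmatchcase(a.lower(), p) for p in patterns)]

def with_resource(statement, resource):
    """Copy of the statement with a different Resource element."""
    return {**statement, "Resource": resource}

if __name__ == "__main__":
    stmt = POLICY["Statement"][0]
    print("as written:", uncovered_actions(stmt))
    print("option A:  ", uncovered_actions(with_resource(stmt, "arn:aws:s3:::Bucket/*")))
```

With the Resource changed as in option A the object actions are covered, while bucket-level actions such as s3:ListBucket stay uncovered unless the bucket ARN is listed as well.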
Radhaghosh
3 years, 5 months ago
Answer A --> Classical S3 Bucket policy question.
upvoted 1 times
...
kiev
3 years, 8 months ago
A for me as well
upvoted 1 times
...
refuz
3 years, 8 months ago
Easy answer: A
upvoted 4 times
...
sanjaym
3 years, 8 months ago
Ans: A 100%
upvoted 1 times
...
ChinkSantana
3 years, 9 months ago
Answer is A easily
upvoted 3 times
...