Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 1 discussion

A company has an AWS Lambda function that creates image thumbnails from larger images. The Lambda function needs read and write access to an Amazon S3 bucket in the same AWS account.
Which solutions will provide the Lambda function this access? (Choose two.)

  • A. Create an IAM user that has only programmatic access. Create a new access key pair. Add environmental variables to the Lambda function with the access key ID and secret access key. Modify the Lambda function to use the environmental variables at run time during communication with Amazon S3.
  • B. Generate an Amazon EC2 key pair. Store the private key in AWS Secrets Manager. Modify the Lambda function to retrieve the private key from Secrets Manager and to use the private key during communication with Amazon S3.
  • C. Create an IAM role for the Lambda function. Attach an IAM policy that allows access to the S3 bucket.
  • D. Create an IAM role for the Lambda function. Attach a bucket policy to the S3 bucket to allow access. Specify the function's IAM role as the principal.
  • E. Create a security group. Attach the security group to the Lambda function. Attach a bucket policy that allows access to the S3 bucket through the security group ID.
Suggested Answer: CD
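An added example (not part of the original question or discussion) showing the policy documents behind options C and D, with a deliberately simplified same-account evaluator to show that either one alone grants the access. The account ID, role name and bucket name are constructed placeholders, and the evaluator assumes no SCPs, permission boundaries or session policies.

```python
from fnmatch import fnmatchcase

ROLE_ARN = "arn:aws:iam::111122223333:role/thumbnail-fn-role"  # constructed
OBJECTS = "arn:aws:s3:::example-thumbnails/*"                  # constructed
RW = ["s3:GetObject", "s3:PutObject"]

# Trust policy: lets the Lambda service assume the role (needed for C and D).
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

# Option C: identity-based policy attached to the role (no Principal element).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": RW, "Resource": OBJECTS}]}

# Option D: bucket policy naming the function's role as the principal.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": RW, "Resource": OBJECTS}]}


def _matches(stmt, principal, action, resource, is_resource_policy):
    """True if one statement applies to this principal/action/resource."""
    if is_resource_policy:
        p = stmt.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        if aws not in (principal, "*"):
            return False
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    return (any(fnmatchcase(action, a) for a in actions)
            and fnmatchcase(resource, stmt["Resource"]))


def same_account_allowed(principal, action, resource, identity=None, bucket=None):
    """Simplified model: an explicit Deny wins, otherwise any Allow suffices."""
    effects = []
    for policy, is_resource_policy in ((identity, False), (bucket, True)):
        for stmt in (policy or {}).get("Statement", []):
            if _matches(stmt, principal, action, resource, is_resource_policy):
                effects.append(stmt["Effect"])
    return "Deny" not in effects and "Allow" in effects
```

Neither policy involves a stored access key: the function's SDK calls use the temporary credentials issued for the execution role.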

Comments

Raphaello
Highly Voted 11 months, 4 weeks ago
CD. Why are the answers for many questions categorically wrong?
upvoted 6 times
...
khanveena782
Most Recent 1 week, 6 days ago
Great discussion on this question! I’d like to add that understanding the shared responsibility model is key when considering security measures in AWS. The distinction between AWS's responsibility for securing the cloud infrastructure and the customer's role in securing their data and applications can directly influence the correct answer here. Amazon-dumps.com, Additionally, ensure you’re familiar with AWS services like IAM, AWS KMS, and CloudTrail as they often feature in security-related scenarios. Let’s keep dissecting these options together!
upvoted 2 times
...
awssecuritynewbie
2 months, 2 weeks ago
Selected Answer: CD
For sure this will be the use of AWS roles. It is simple: you attach a role to the Lambda to be able to access a certain S3 bucket.
upvoted 2 times
...
FunkyFresco
3 months, 2 weeks ago
Selected Answer: CD
C and D
upvoted 1 times
...
shailvardhan
6 months, 1 week ago
Selected Answer: CD
100% it is C and D
upvoted 1 times
...
leaddev
8 months, 1 week ago
C & D are the correct answers
upvoted 1 times
...
Raphaello
9 months, 4 weeks ago
Selected Answer: CD
CD. Always create an execution role for your Lambda function, as a best practice.
upvoted 1 times
...
aescudero51
10 months ago
Selected Answer: CD
upvoted 1 times
...
Daniel76
1 year ago
Selected Answer: CD
Answer is CD
upvoted 3 times
...
lalee2
1 year, 1 month ago
Selected Answer: CD
Same account. For ABAC, IAM role w/ policy will do. RBAC requires principal.
upvoted 1 times
...
pupsik
1 year, 1 month ago
Selected Answer: CD
Permission needs to be specified either from Lambda's role policy, or from S3 bucket's resource policy.
upvoted 2 times
...
KR693
1 year, 1 month ago
c and d
upvoted 2 times
...
dhax12
1 year, 1 month ago
Any type of key means long-term access. Always use IAM roles to keep access temporary. Answer should be C & D.
upvoted 2 times
...
RayHK
1 year, 2 months ago
vote for C and D
upvoted 3 times
...