Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 66 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 66
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer is configuring account-based access control (ABAC) to allow only specific principals to put objects into an Amazon S3 bucket. The principals already have access to Amazon S3.

The security engineer needs to configure a bucket policy that allows principals to put objects into the S3 bucket only if the value of the Team tag on the object matches the value of the Team tag that is associated with the principal. During testing, the security engineer notices that a principal can still put objects into the S3 bucket when the tag values do not match.

Which combination of factors are causing the PutObject operation to succeed when the tag values are different? (Choose two.)

  • A. The principal's identity-based policy grants access to put objects into the S3 bucket with no conditions.
  • B. The principal's identity-based policy overrides the condition because the identity-based policy contains an explicit allow.
  • C. The S3 bucket's resource policy does not deny access to put objects.
  • D. The S3 bucket's resource policy cannot allow actions to the principal.
  • E. The bucket policy does not apply to principals in the same zone of trust.
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by marlonchin at Nov. 23, 2023, 7:28 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
rahav
9 months, 2 weeks ago
Selected Answer: AC
AC is the correct ones
upvoted 1 times
...
Daniel76
10 months ago
Selected Answer: AC
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html Look out for step 2- create ABAC policy example. To ensure that resources is only granted when principal and resource tag match, there should be condition for the access, and disallow when tag not match.
upvoted 2 times
...
[Removed]
10 months, 2 weeks ago
BDE Don't appear to make much sense. So A C it is. The resource policy should be setup to DENY if a tag DOES NOT MATCH the desired tags. Not ALLOW the tag listed alone. Otherwise, a IAM policy without conditions may be enough to provide access. Not a fan of this question as it leaves a ton up in the air but hey..
upvoted 3 times
...
oioi
10 months, 2 weeks ago
Selected Answer: AC
correct
upvoted 3 times
...
marlonchin
10 months, 2 weeks ago
Sorry not D I need the explanation for E if it is right answer
upvoted 1 times
...
marlonchin
10 months, 2 weeks ago
BE can some explain how it is possible for D to be answer
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel