Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 510 discussion

A company wants to create a single Amazon S3 bucket for its data scientists to store work-related documents. The company uses AWS IAM Identity Center to authenticate all users. A group for the data scientists was created.

The company wants to give the data scientists access to only their own work. The company also wants to create monthly reports that show which documents each user accessed.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Create a custom IAM Identity Center permission set to grant the data scientists access to an S3 bucket prefix that matches their username tag. Use a policy to limit access to paths with the ${aws:PrincipalTag/userName}/* condition.
  • B. Create an IAM Identity Center role for the data scientists group that has Amazon S3 read access and write access. Add an S3 bucket policy that allows access to the IAM Identity Center role.
  • C. Configure AWS CloudTrail to log S3 data events and deliver the logs to an S3 bucket. Use Amazon Athena to run queries on the CloudTrail logs in Amazon S3 and generate reports.
  • D. Configure AWS CloudTrail to log S3 management events to CloudWatch. Use Amazon Athena’s CloudWatch connector to query the logs and generate reports.
  • E. Enable S3 access logging to EMR File System (EMRFS). Use Amazon S3 Select to query logs and generate reports.
Suggested Answer: AC
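
The per-user report in option C depends on object-level S3 data events, which carry both the caller identity and the object key. The following is an added example, not part of the original page, that builds the monthly report from a CloudTrail-style log file in Python instead of Athena. The bucket name, account ID, role name, users and records are constructed, and it assumes the role session name in the caller ARN is the user's Identity Center username.

```python
import json
from collections import defaultdict

# Constructed sample data: account ID, role name, bucket and users are made up.
BUCKET = "ds-work-example"
ROLE = "arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_DataScientists_EXAMPLE/"

def _rec(time, name, user, key=None, error=None):
    """Build one record shaped like a CloudTrail S3 event."""
    rec = {"eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
           "userIdentity": {"type": "AssumedRole", "arn": ROLE + user},
           "requestParameters": {"bucketName": BUCKET}}
    if key is not None:
        rec["requestParameters"]["key"] = key
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-05-03T09:12:44Z", "GetObject", "alice", "alice/model.ipynb"),
    _rec("2024-05-10T14:01:02Z", "PutObject", "alice", "alice/notes.txt"),
    _rec("2024-05-11T08:30:00Z", "GetObject", "bob", "bob/data.csv"),
    _rec("2024-05-12T08:31:00Z", "GetObject", "bob", "alice/notes.txt", "AccessDenied"),
    _rec("2024-04-30T23:59:59Z", "GetObject", "alice", "alice/old.txt"),
    _rec("2024-05-01T00:00:01Z", "PutBucketPolicy", "admin"),  # management event
]})

def monthly_report(log_text, bucket, month):
    """Return (accessed, denied) for object-level events in `month` (YYYY-MM)."""
    accessed, denied = defaultdict(set), []
    for rec in json.loads(log_text)["Records"]:
        params = rec.get("requestParameters") or {}
        if rec.get("eventSource") != "s3.amazonaws.com" or params.get("bucketName") != bucket:
            continue
        key = params.get("key")
        if key is None or not rec["eventTime"].startswith(month):
            continue  # bucket-level call with no object key, or another month
        # Assumption: the role session name (last ARN segment) is the userName.
        user = rec["userIdentity"]["arn"].rsplit("/", 1)[-1]
        if "errorCode" in rec:
            denied.append((user, key, rec["errorCode"]))
        else:
            accessed[user].add(key)
    return {u: sorted(keys) for u, keys in accessed.items()}, denied

if __name__ == "__main__":
    report, denied = monthly_report(SAMPLE_LOG, BUCKET, "2024-05")
    print(json.dumps({"accessed": report, "denied": denied}, indent=2))
```

The denied list doubles as a check on option A: a request for a key under another user's prefix should show up there with an error code rather than in the accessed map.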

Comments

0b43291
1 week, 1 day ago
Selected Answer: AC
By combining a custom IAM Identity Center permission set with path-based access control and CloudTrail logging with Athena querying, the company can achieve the desired access control and reporting requirements for the data scientists' work-related documents stored in the S3 bucket. The other options are either incorrect or do not fully meet the requirements:

B. Creating an IAM Identity Center role with S3 read and write access and adding an S3 bucket policy would not provide the granular access control required to restrict each user to their own work.

D. Configuring CloudTrail to log S3 management events to CloudWatch and using Athena's CloudWatch connector would not capture the necessary data events for generating reports on which documents each user accessed.

E. Enabling S3 access logging to EMRFS and using S3 Select would not provide the necessary logging and reporting capabilities for this use case.
upvoted 2 times
...
awsaz
5 months ago
Selected Answer: AC
A and C
upvoted 4 times
...
mifune
5 months ago
Selected Answer: AC
IAM Identity Center permission + Amazon Athena to run queries on the CloudTrail logs in Amazon S3 and generate reports, answer A-C
upvoted 1 times
...