Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 242 discussion

An AWS account includes two S3 buckets: bucket1 and bucket2. bucket2 does not have a policy defined, but bucket1 has the following bucket policy:



In addition, the same account has an IAM User named “alice”, with the following IAM policy.



Which buckets can user “alice” access?

  • A. bucket1 only
  • B. bucket2 only
  • C. Both bucket1 and bucket2
  • D. Neither bucket1 nor bucket2
Suggested Answer: C

Comments

woonsi
4 days, 11 hours ago
Selected Answer: C
3️⃣ Combining Policies — How AWS evaluates this: AWS uses a combination of IAM policies and resource-based policies (like bucket policies). For Alice to access an S3 bucket:
  • Either the IAM policy or the bucket policy must allow the action (they don’t both need to allow it).
  • If one policy allows access and the other doesn’t mention it (or allows it too), access is granted.
  • Access is denied only if an explicit “Deny” exists in either policy — which isn’t present here.
Since:
  • Bucket1’s policy allows Alice access.
  • Alice’s IAM policy allows access to bucket2.
👉 Alice can access both bucket1 and bucket2 — no conflicts or denies are present.
upvoted 1 times
...
zhen234
3 weeks ago
Selected Answer: C
IAM policies are evaluated first. Bucket policies are evaluated after IAM policies. An explicit deny will override any allows. If there are no explicit denies, then an explicit allow will grant access.
upvoted 1 times
...
m_ch333
2 months, 1 week ago
Selected Answer: C
C. IAM policies and S3 bucket policies can both be used for access control: https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
upvoted 1 times
...
SCSC02Q
2 months, 2 weeks ago
Selected Answer: B
It's B since Alice's IAM policy only allows Bucket 2. Access to Bucket 1 will be denied unless this IAM Policy is updated.
upvoted 2 times
...
IPLogic
3 months, 1 week ago
Selected Answer: C
bucket1 has a policy that explicitly allows user "alice" access to arn:aws:s3:::bucket1/*. bucket2 has no bucket policy, but "alice"’s IAM policy allows access to arn:aws:s3:::bucket2/*. Here's the access situation:
  • bucket1: User "alice" can access bucket1 because the bucket policy explicitly allows it.
  • bucket2: User "alice" can access bucket2 because her IAM policy grants her permission to it, and there is no bucket policy to restrict this access.
So, user "alice" can access both bucket1 and bucket2. Therefore, the correct answer is C. Both bucket1 and bucket2.
upvoted 3 times
...
siheom
3 months, 2 weeks ago
Selected Answer: C
It should be C: https://www.examtopics.com/discussions/amazon/view/68809-exam-aws-certified-security-specialty-topic-1-question-89/
upvoted 2 times
...
jdx000
3 months, 3 weeks ago
Selected Answer: B
Only bucket 2, so B.
upvoted 1 times
...
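The same-account evaluation order this thread is debating, as an added example that is not part of the original question or any comment: a small simulator that combines an identity-based policy with a resource-based (bucket) policy. The two policies are constructed stand-ins built from the ARNs quoted in the comments (the page does not show the originals); the account ID, the `s3:*` action, the object key and the function names are assumptions, and SCPs, permissions boundaries, session policies, `Condition` and `Not*` elements are out of scope.

```python
from fnmatch import fnmatchcase

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed placeholder account ID

# Constructed stand-ins: the page's two policies are not shown, so these follow
# the ARNs quoted in the comments; the s3:* action is an assumption.
BUCKET1_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": ALICE},
                                 "Action": "s3:*", "Resource": "arn:aws:s3:::bucket1/*"}]}
ALICE_IAM_POLICY = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
                                   "Resource": "arn:aws:s3:::bucket2/*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _applies(stmt, principal, action, resource, resource_based):
    """True if the statement covers this request (no Condition/Not* support)."""
    if resource_based:  # only resource-based policies carry a Principal element
        who = stmt.get("Principal", {})
        names = ["*"] if who == "*" else _as_list(who.get("AWS", []))
        if principal not in names and "*" not in names:
            return False
    # Action names are case-insensitive; resource ARNs are matched case-sensitively.
    return (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))


def evaluate(principal, action, resource, identity_policies, resource_policy=None):
    """Same-account decision: explicit Deny wins, then any Allow, else implicit deny."""
    effects = [s["Effect"] for p in identity_policies for s in p["Statement"]
               if _applies(s, principal, action, resource, resource_based=False)]
    if resource_policy:
        effects += [s["Effect"] for s in resource_policy["Statement"]
                    if _applies(s, principal, action, resource, resource_based=True)]
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"


if __name__ == "__main__":
    for bucket, policy in (("bucket1", BUCKET1_POLICY), ("bucket2", None), ("bucket3", None)):
        arn = f"arn:aws:s3:::{bucket}/report.csv"
        print(bucket, evaluate(ALICE, "s3:GetObject", arn, [ALICE_IAM_POLICY], policy))
```

This models a principal and bucket in the same account only; for cross-account access, both the identity-based policy and the resource-based policy must allow the request.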