ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 232 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 232
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company uses an organization in AWS Organizations to help separate its Amazon EC2 instances and VPCs. The company has separate OUs for development workloads and production workloads.

A security engineer must ensure that only AWS accounts in the production OU can write VPC flow logs to an Amazon S3 bucket. The security engineer is configuring the S3 bucket policy with a Condition element to allow the s3:PutObject action for VPC flow logs.

How should the security engineer configure the Condition element to meet these requirements?

  • A. Set the value of the aws:SourceOrgID condition key to be the organization ID.
  • B. Set the value of the aws:SourceOrgPaths condition key to be the Organizations entity path of the production OU.
  • C. Set the value of the aws:ResourceOrgID condition key to be the organization ID.
  • D. Set the value of the aws:ResourceOrgPaths condition key to be the Organizations entity path of the production OU.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Asma2023 at Jan. 4, 2025, 8:35 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
molerowan
1 day ago
Selected Answer: B
A (aws:SourceOrgID): Grants access to the entire organization, not just the production OU. C (aws:ResourceOrgID): Refers to the resource’s organization (the S3 bucket’s account), not the source account writing logs. D (aws:ResourceOrgPaths): Irrelevant, as it checks the resource’s OU path, not the source account’s.
upvoted 1 times
...
Asma2023
2 months, 1 week ago
Selected Answer: B
Set the value of the aws:SourceOrgPaths condition key to be the Organizations entity path of the production OU
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago