Exam AWS-SysOps topic 1 question 570 discussion

Exam question from Amazon's AWS-SysOps
Question #: 570
Topic #: 1

A company must share monthly report files that are uploaded to Amazon S3 with a third party. The third-party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?

  • A. Allow only specified IP addresses to access the S3 buckets which will host files that need to be provided to the third party.
  • B. Create an IAM role with the appropriate access to the S3 bucket, and grant login permissions to the console for the third party to access the S3 bucket.
  • C. Create a pre-signed URL that can be distributed by email to the third party, allowing it to download specific S3 files.
  • D. Have the third party sign up for an AWS account, and grant it cross-account access to the appropriate S3 bucket in the source account.
Suggested Answer: A

Comments

mukeshs
Highly Voted 3 years, 1 month ago
I think the answer should be C. Creating a bucket policy by specifying IP address is not an access with least privilege.
upvoted 6 times
...
e45af42
Most Recent 4 months, 4 weeks ago
Selected Answer: C
It is definitely answer C. Why do admins not update such an old question???
upvoted 1 times
...
albert_kuo
1 year, 3 months ago
Selected Answer: C
A pre-signed URL is a time-limited URL generated by the AWS SDK or API. It grants temporary access to specific objects in an S3 bucket, without the need for the third party to have AWS credentials or direct access to the S3 bucket.
upvoted 1 times
...
babaEniola
2 years, 11 months ago
I will go for B, it says Administrative overhead must be low, if you give a pre-signed URL you have to keep generating it all the time, but a role, once the least policy is attached, there won't be any internal administrative work to do.
upvoted 1 times
...
TroyMcLure
2 years, 11 months ago
Correct Answer: C
upvoted 1 times
...
ImranR
2 years, 11 months ago
C is correct..
upvoted 1 times
...
Kt45
3 years ago
I'd say A only because C doesn't address the admin overhead with distributing the URL to all recipients in the distribution list. There would also be a need for some sort of automation. With A, least access can be achieved with read access only and allowing specific IPs.
upvoted 2 times
shimmy
2 years, 12 months ago
A has even more administrative overhead because you have to constantly add IP addresses and remove IP addresses. With C, I just have to update the email distribution list.
upvoted 2 times
...
SHoKMaSTeR
2 years, 12 months ago
"distributed" ... It seems that it doesn't use the same IP address all the time. Answer is C
upvoted 5 times
...
...
sen12
3 years ago
C is more appropriate with regards to the question. "Least" access and Less overhead to the sysops engineer.
upvoted 3 times
...
pleasespammelater
3 years ago
Yep, C is correct. Note that the maximum time you can set is 7 days. https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
upvoted 3 times
...
saumenP
3 years ago
C is correct
upvoted 3 times
...
kkwang
3 years ago
C is the correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other