Exam AWS Certified Solutions Architect - Professional topic 1 question 862 discussion

A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company's marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects.
A solutions architect has created an IAM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up a custom AWS Key Management Service (AWS KMS) key in the Creative account and has associated the key with the S3 bucket. However, when users from the Strategy account assume the IAM role and try to access objects in the S3 bucket, they receive an Access Denied error.
The solutions architect must ensure that users in the Strategy account can access the S3 bucket. The solution must provide these users with only the minimum permissions that they need.
Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)

  • A. Create a bucket policy that includes read permissions for the S3 bucket. Set the principal of the bucket policy to the account ID of the Strategy account.
  • B. Update the strategy_reviewer IAM role to grant full permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key.
  • C. Update the custom KMS key policy in the Creative account to grant decrypt permissions to the strategy_reviewer IAM role.
  • D. Create a bucket policy that includes read permissions for the S3 bucket. Set the principal of the bucket policy to an anonymous user.
  • E. Update the custom KMS key policy in the Creative account to grant encrypt permissions to the strategy_reviewer IAM role.
  • F. Update the strategy_reviewer IAM role to grant read permissions for the S3 bucket and to grant decrypt permissions for the custom KMS key.
Suggested Answer: ACF
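
The three grants named in options A, C and F, written out as policy documents, with a small check for the over-broad grants that rule out B, D and E. This is an added example, not part of the original question: the account IDs, bucket name, key ARN and region are placeholders, the action list chosen for "read permissions" is an assumption, and `stmt`, `doc` and `violations` are hypothetical helper names.

```python
import json

# Placeholder identifiers (assumptions for illustration, not from the question).
CREATIVE, STRATEGY = "111111111111", "222222222222"
BUCKET = "arn:aws:s3:::creative-media-example"
KEY = f"arn:aws:kms:us-east-1:{CREATIVE}:key/EXAMPLE-KEY-ID"
ROLE = f"arn:aws:iam::{STRATEGY}:role/strategy_reviewer"
READ = ["s3:GetObject", "s3:ListBucket"]  # assumed meaning of "read permissions"

def stmt(actions, resources, principal=None):
    """Build one Allow statement; resource policies also carry a Principal."""
    s = {"Effect": "Allow", "Action": actions, "Resource": resources}
    if principal is not None:
        s["Principal"] = principal
    return s

def doc(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

# A: bucket policy in the Creative account; principal is the Strategy account.
bucket_policy = doc(stmt(READ, [BUCKET, BUCKET + "/*"], {"AWS": STRATEGY}))
# C: statement for the Creative account's key policy; decrypt only, for the role.
key_policy_statement = stmt(["kms:Decrypt"], "*", {"AWS": ROLE})
# F: identity policy on strategy_reviewer; bucket read plus decrypt on the key.
role_policy = doc(stmt(READ, [BUCKET, BUCKET + "/*"]), stmt(["kms:Decrypt"], KEY))

def violations(statement):
    """Flag the over-broad grants that rule out options B, D and E."""
    found = []
    actions = statement["Action"]
    actions = [actions] if isinstance(actions, str) else actions
    principal = statement.get("Principal")
    if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
        found.append("anonymous principal")       # option D
    if any(a in ("*", "s3:*") for a in actions):
        found.append("full S3 permissions")       # option B
    if any(a in ("kms:*", "kms:Encrypt") for a in actions):
        found.append("KMS grant beyond decrypt")  # option E
    return found

if __name__ == "__main__":
    for name, policy in [("bucket policy", bucket_policy), ("role policy", role_policy)]:
        print(name, json.dumps(policy, indent=2))
    print("key policy statement", json.dumps(key_policy_statement, indent=2))
```

Access works only when both sides allow it: the bucket policy and key policy in the Creative account, and the identity policy on the role in the Strategy account.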

Comments

Enigmaaaaaa
2 years, 4 months ago
Selected Answer: ACF
ACF nothing else makes sense - users need to decrypt and read
upvoted 4 times
...
aandc
2 years, 5 months ago
ACF for sure
upvoted 2 times
...
TechX
2 years, 5 months ago
Selected Answer: ACF
Should be ACF
upvoted 1 times
...
Yamchi
2 years, 7 months ago
A C F for me
upvoted 2 times
...
Bigbearcn
2 years, 7 months ago
Selected Answer: ACF
It's ACF.
upvoted 1 times
...
snakecharmer2
2 years, 7 months ago
Selected Answer: ACF
https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-denied-error-s3/
ACF
In addition to the URL above, you can eliminate 3 of the answers easily:
B - wrong because of the "full access"
D - wrong because of the "anonymous user"
E - wrong because of the "encrypt" - you need decrypt permission
upvoted 4 times
...
mirnuj_atom
2 years, 7 months ago
Selected Answer: ACF
shouldn't it be ACF?
upvoted 2 times
...