ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 134 discussion

Exam question from Amazon's AWS-SysOps
Question #: 134
Topic #: 1
[All AWS-SysOps Questions]

A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?

  • A. The root account owner should create a bucket policy which allows the IAM users to upload the object
  • B. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket
  • C. The root account should use ACL with the bucket to allow everyone to upload the object
  • D. The root account should create the IAM users and provide them the permission to upload content to the bucket
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants identifying the grantee and the permission granted.
The user can use ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon S3ג€"specific XML schema. The user cannot grant permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using the object ACL by the AWS account that owns the object.
by newbie2019 at Oct. 31, 2019, 11:58 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hussainbh
5 months, 4 weeks ago
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-object-permissions.html C
upvoted 1 times
...
vankarss
6 months ago
The answer is wrong. B is the correct answer https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
upvoted 2 times
axe_92
6 months ago
you can allow certain users using bucket policy but for object level permissions you are going to use ACL
upvoted 1 times
...
...
awscertified
6 months, 2 weeks ago
C. The root account should use ACL with the bucket to allow everyone to upload the object
upvoted 2 times
...
newbie2019
7 months ago
B is wrong as there is no object-level policy (ACL is used for that).
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago