ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 709 discussion

Exam question from Amazon's AWS-SysOps
Question #: 709
Topic #: 1
[All AWS-SysOps Questions]

An Amazon S3 bucket in a SysOps Administrator's account can be accesses by users in other SWS accounts.
How can the Administrator ensure that the bucket is only accessible to members of the Administrator's AWS account?

  • A. Move the S3 bucket from a public subnet to a private subnet in the Amazon VPC.
  • B. Change the bucket access control list (ACL) to restrict access to the bucket owner.
  • C. Enable server-side encryption for all objects in the bucket.
  • D. Use only Amazon S3 presigned URLs for accessing objects in the bucket.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
by karmaah at Dec. 2, 2019, 8:05 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AWSum1
Highly Voted 3 years ago
B - Remember the Pre-signed URL's are for temporary access
upvoted 15 times
...
e45af42
Most Recent 4 months, 3 weeks ago
Selected Answer: B
It is B
upvoted 1 times
...
TroyMcLure
2 years, 12 months ago
Correct Answer: B
upvoted 1 times
...
RicardoD
3 years ago
B is the answer ACLs are the way to restrict access
upvoted 1 times
...
CountryGent
3 years ago
Ans is D. Q states users not just bucket owners. Besides signed URLs are for everyone inside and outside an account. https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
upvoted 1 times
...
abhishek_m_86
3 years ago
B. Change the bucket access control list (ACL) to restrict access to the bucket owner. Seem correct
upvoted 2 times
...
kiev
3 years ago
DEFINITELY B. PRE SIGNED URL IS MOSTLY USED FOR THOSE WHO DON'T HAVE ANY CONNECTIONS WITH THE ACCOUNT BUT THIS SITUATION IS DIFFERENT AS THERE ARE ALL MEMBERS OF THE SAME COMPANY.
upvoted 3 times
...
jackdryan
3 years ago
I'll go with B
upvoted 2 times
...
gilbertlelancelo
3 years ago
B .Change the bucket access control list (ACL) to restrict access to the bucket owner.
upvoted 3 times
...
firstabed
3 years ago
B and not D bcz All objects and buckets by default are private. The presigned URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don't require them to have AWS security credentials or permissions
upvoted 1 times
...
Wmatt
3 years ago
no B - I believe bucket access lists only GRANT and cannot deny access https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html
upvoted 1 times
karmaah
3 years ago
The link you shared having the answer for this question ( B)
upvoted 1 times
...
...
milan24_2000
3 years, 1 month ago
B. as for D, how do you restrict access only for admin?
upvoted 1 times
karmaah
3 years, 1 month ago
Question is not only for admin..members of admin.
upvoted 1 times
karmaah
3 years ago
@milan, you are right. Reviewed again. Thru Canonical ID, access can be granted thru ACL. Ans is B. Note : access can be granted to other account Users or Groups.
upvoted 4 times
...
...
...
karmaah
3 years, 1 month ago
Ans should be D
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago