New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 7 Question 30 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 30
Topic #: 7
[All SCS-C02 Questions]

A company has multiple departments. Each department has its own IAM account. All these accounts belong to the same organization in IAM Organizations.

A large .csv file is stored in an Amazon S3 bucket in the sales department's IAM account. The company wants to allow users from the other accounts to access the .csv file's content through the combination of IAM Glue and Amazon Athen

a. However, the company does not want to allow users from the other accounts to access other files in the same folder.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by julien at Sep 16, 2024, 09:46 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Yun
3 months ago
B is interesting, but I’m not sure how it integrates with Glue.
upvoted 0 times
...
Gianna
3 months ago
Wait, can S3 Select really restrict access like that? Sounds too good to be true.
upvoted 0 times
...
Raylene
3 months ago
I think A could work too, but it feels a bit risky.
upvoted 0 times
...
Tammy
4 months ago
I disagree, D might be more secure since it specifies the organization.
upvoted 0 times
...
Freeman
4 months ago
Option C seems like the best choice for cross-account access.
upvoted 0 times
...
Izetta
4 months ago
I remember discussing how resource-based policies work, but I'm not clear if specifying the organization as the principal is the right approach here.
upvoted 0 times
...
Earnestine
4 months ago
I believe option C sounds right since it mentions IAM Glue and cross-account access, but I'm a bit confused about the details.
upvoted 0 times
...
Floyd
4 months ago
I think we practiced a question similar to this, and I feel like using S3 Select might limit access, but I can't recall the specifics.
upvoted 0 times
...
Kenneth
5 months ago
I remember something about cross-account access, but I'm not sure if defining a resource policy is the best way to go.
upvoted 0 times
...
Stevie
5 months ago
I'm feeling pretty confident about this one. I'll review the details, but I think option C is the way to go based on the requirements laid out in the question.
upvoted 0 times
...
Olen
5 months ago
This seems straightforward - I'd go with option C and define an IAM Glue Data Catalog resource policy to grant the cross-account access. That should meet the requirements nicely.
upvoted 0 times
...
Kris
5 months ago
Hmm, I'm a bit confused by the different IAM accounts and how to restrict access to just the .csv file. I'll need to review the IAM and S3 access control concepts.
upvoted 0 times
...
Percy
5 months ago
This looks like a tricky one! I'll need to carefully read through the requirements and think through the different options.
upvoted 0 times
...
Chantell
5 months ago
Okay, I think I have a strategy here. I'll focus on using IAM policies and the IAM Glue Data Catalog to grant the necessary cross-account access while restricting it to just the .csv file.
upvoted 0 times
...
Eric
5 months ago
Okay, I think I've got this. Based on the information provided, Option B looks like the correct answer. The Additional Input would need to be configured to send the same data as the SEND/RESPONSE TRANSFORMATIONS, and Option B seems to match that requirement.
upvoted 0 times
...
Whitney
1 year ago
I'm with Billy on this one. Option C is clearly the most precise way to achieve what the company wants. No need to overcomplicate it.
upvoted 0 times
Anglea
1 year ago
Let's go with Option C then, it's the most precise solution.
upvoted 0 times
...
Marya
1 year ago
Yeah, Option C is straightforward and meets all the requirements.
upvoted 0 times
...
Elli
1 year ago
I agree with you, Option C seems like the best choice here.
upvoted 0 times
...
...
Billy
1 year ago
Ha! Typical corporate bureaucracy, trying to give access to a single file without letting people see anything else. Option C is the only way to surgically target that .csv.
upvoted 0 times
Allene
1 year ago
Definitely, it's the best way to ensure only the specific file is accessible.
upvoted 0 times
...
Belen
1 year ago
True, that seems like the most precise solution to the problem.
upvoted 0 times
...
Hester
1 year ago
Option C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
...
Tom
1 year ago
Option B with S3 Select sounds interesting, but I'm not sure if it will give us the granular control we need over the specific .csv file. C definitely seems like the best choice here.
upvoted 0 times
Kattie
1 year ago
D) Grant IAM Glue access to Amazon S3 in a resource-based policy that specifies the organization as the principal.
upvoted 0 times
...
Alpha
1 year ago
I agree, option C seems like the best choice to ensure granular control over the specific .csv file.
upvoted 0 times
...
Raymon
1 year ago
C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
Charlette
1 year ago
B) Use S3 Select to restrict access to the .csv file. In IAM Glue Data Catalog, use S3 Select as the source of the IAM Glue database.
upvoted 0 times
...
...
Leonie
1 year ago
I'm not sure, but option B also seems like a valid solution to restrict access to the .csv file using S3 Select.
upvoted 0 times
...
Amie
1 year ago
I think option C is the way to go. Defining an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file seems like the most targeted and secure solution.
upvoted 0 times
Leota
1 year ago
True, option C does seem more focused on granting access to that specific file.
upvoted 0 times
...
Darell
1 year ago
D) Grant IAM Glue access to Amazon S3 in a resource-based policy that specifies the organization as the principal.
upvoted 0 times
...
Simona
1 year ago
A) Apply a user policy in the other accounts to allow IAM Glue and Athena to access the .csv file.
upvoted 0 times
...
Halina
1 year ago
C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
Fidelia
1 year ago
I think option C is more targeted specifically for granting access to the .csv file only.
upvoted 0 times
...
Stephaine
1 year ago
But wouldn't option D also work since it specifies the organization as the principal?
upvoted 0 times
...
Cheryl
1 year ago
I agree, option C seems like the most secure way to grant access to the .csv file.
upvoted 0 times
...
...
Magnolia
1 year ago
I disagree, I believe option D is the way to go as it specifies the organization as the principal for IAM Glue access to Amazon S3.
upvoted 0 times
...
Yolande
1 year ago
I think option C is the best solution because it allows cross-account access to the specific .csv file.
upvoted 0 times
...

Save Cancel