Amazon Exam SCS-C02 Topic 9 Question 38 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 38
Topic #: 9

A developer operations team uses AWS Identity and Access Management (IAM) to manage user permissions. The team created an Amazon EC2 instance profile role that uses an AWS managed ReadOnlyAccess policy. When an application that is running on Amazon EC2 tries to read a file from an encrypted Amazon S3 bucket, the application receives an AccessDenied error.

The team administrator has verified that the S3 bucket policy allows everyone in the account to access the S3 bucket. There is no object ACL that is attached to the file.

What should the administrator do to fix the IAM access issue?

Suggested Answer: B

Utilizing CloudFront signed cookies is the simplest and most effective way to protect HLS video content for paying subscribers. Signed cookies provide access control for multiple files, such as video chunks in HLS streaming, without the need to generate a signed URL for each video chunk. This method simplifies the process for long video events with thousands of chunks, enhancing user experience while ensuring content protection.


Contribute your Thoughts:

Fairy
15 days ago
I bet the administrator is wishing they had a magic 8-ball to tell them the right answer. Luckily, Option C is the clear choice here.
upvoted 0 times
...
Donette
22 days ago
This is a classic case of 'the answer is always in the question'. The IAM role needs the KMS decrypt permission, so Option C is the correct answer. Easy peasy!
upvoted 0 times
...
Georgiann
23 days ago
Haha, looks like the administrator forgot to give the IAM role the right permissions. Option C is the way to fix this, no need to go messing with the S3 bucket policy.
upvoted 0 times
...
Elke
1 month ago
I'm pretty sure the S3 bucket policy is not the problem here. The IAM role needs the correct permissions to access the encrypted S3 object, which means we need to add the KMS decrypt action.
upvoted 0 times
Wilda
15 days ago
D: No, we need to focus on adding the decryption permissions to the IAM role.
upvoted 0 times
...
Dominga
16 days ago
C: Add the EC2 IAM role as the authorized Principal to the S3 bucket policy.
upvoted 0 times
...
Kiley
26 days ago
B: That makes sense, we need to allow decryption of the encrypted S3 object.
upvoted 0 times
...
Tien
29 days ago
A: Edit the ReadOnlyAccess policy to add kms:Decrypt actions.
upvoted 0 times
...
...
Dolores
1 month ago
Option C looks like the way to go. The issue is with the IAM role's permissions, so we need to add the necessary KMS permissions to that role.
upvoted 0 times
...
Olene
2 months ago
I'm not sure. Maybe attaching an inline policy with kms:Decrypt permissions to the IAM role could also work.
upvoted 0 times
...
Genevive
2 months ago
I agree with Remedios. Adding kms:Decrypt actions to the policy should fix the access issue.
upvoted 0 times
...
Remedios
2 months ago
I think the administrator should edit the ReadOnlyAccess policy to add kms:Decrypt actions.
upvoted 0 times
...
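
Several comments above point to a missing kms:Decrypt permission on the instance profile role. As an added example (not part of the original page or any AWS code), this simplified Python model of identity-policy evaluation shows why a role holding only read-only actions gets AccessDenied on an encrypted object. It assumes the bucket uses SSE-KMS with a customer managed key in the same account whose key policy delegates access to IAM; the ARNs, the policy subset and the helper functions are constructed for illustration.

```python
import fnmatch

# Constructed subset of the AWS managed ReadOnlyAccess policy (the real policy
# is far longer). It grants kms:Describe*/List* style actions, not kms:Decrypt.
READ_ONLY_SUBSET = {"Effect": "Allow", "Resource": "*",
                    "Action": ["s3:Get*", "s3:List*", "kms:Describe*", "kms:List*"]}

# Hypothetical placeholder ARNs, not values from the page.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
OBJECT_ARN = "arn:aws:s3:::example-bucket/report.csv"

# Inline policy for the role, scoped to the single key that encrypts the bucket.
KMS_INLINE = {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": KEY_ARN}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allowed(statements, action, resource):
    """Simplified identity-policy check: explicit Deny wins, else any Allow."""
    decision = False
    for st in statements:
        hit_action = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(st["Action"]))
        hit_resource = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(st["Resource"]))
        if hit_action and hit_resource:
            if st["Effect"] == "Deny":
                return False
            decision = True
    return decision  # implicit deny when no statement matched


def get_object(statements, object_arn, key_arn):
    """Reading an SSE-KMS object needs s3:GetObject AND kms:Decrypt on its key."""
    checks = (("s3:GetObject", object_arn), ("kms:Decrypt", key_arn))
    missing = [a for a, r in checks if not allowed(statements, a, r)]
    return ("AccessDenied", missing) if missing else ("OK", [])


if __name__ == "__main__":
    print(get_object([READ_ONLY_SUBSET], OBJECT_ARN, KEY_ARN))
    print(get_object([READ_ONLY_SUBSET, KMS_INLINE], OBJECT_ARN, KEY_ARN))
```

Scoping the inline statement to one key ARN, instead of `"Resource": "*"`, keeps the role from decrypting data protected by other keys in the account.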
