
Amazon Exam SCS-C02 Topic 9 Question 38 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 38
Topic #: 9

A developer operations team uses AWS Identity and Access Management (IAM) to manage user permissions. The team created an Amazon EC2 instance profile role that uses an AWS managed ReadOnlyAccess policy. When an application that is running on Amazon EC2 tries to read a file from an encrypted Amazon S3 bucket, the application receives an AccessDenied error.

The team administrator has verified that the S3 bucket policy allows everyone in the account to access the S3 bucket. There is no object ACL that is attached to the file.

What should the administrator do to fix the IAM access issue?

Suggested Answer: B

Utilizing CloudFront signed cookies is the simplest and most effective way to protect HLS video content for paying subscribers. Signed cookies provide access control for multiple files, such as video chunks in HLS streaming, without the need to generate a signed URL for each video chunk. This method simplifies the process for long video events with thousands of chunks, enhancing user experience while ensuring content protection.


Contribute your Thoughts:

Fairy
1 months ago
I bet the administrator is wishing they had a magic 8-ball to tell them the right answer. Luckily, Option C is the clear choice here.
upvoted 0 times
Teddy
3 days ago
Verify that the application is using the correct credentials to access the S3 bucket.
upvoted 0 times
...
Valene
4 days ago
Update the EC2 instance profile role to include the necessary permissions for accessing encrypted S3 buckets.
upvoted 0 times
...
Cherri
8 days ago
Make sure the application has the correct permissions to access the S3 bucket.
upvoted 0 times
...
Berry
11 days ago
Check if the EC2 instance profile role has the necessary permissions.
upvoted 0 times
...
...
Donette
1 months ago
This is a classic case of 'the answer is always in the question'. The IAM role needs the KMS decrypt permission, so Option C is the correct answer. Easy peasy!
upvoted 0 times
...
Georgiann
1 months ago
Haha, looks like the administrator forgot to give the IAM role the right permissions. Option C is the way to fix this, no need to go messing with the S3 bucket policy.
upvoted 0 times
Markus
1 days ago
That makes sense, no need to mess with the S3 bucket policy then.
upvoted 0 times
...
Bulah
3 days ago
Yeah, attaching an inline policy with kms:Decrypt permissions to the IAM role should do the trick.
upvoted 0 times
...
Georgene
15 days ago
Option C is the best solution here.
upvoted 0 times
...
...
Elke
2 months ago
I'm pretty sure the S3 bucket policy is not the problem here. The IAM role needs the correct permissions to access the encrypted S3 object, which means we need to add the KMS decrypt action.
upvoted 0 times
Wilda
1 months ago
D: No, we need to focus on adding the decryption permissions to the IAM role.
upvoted 0 times
...
Dominga
1 months ago
C: Add the EC2 IAM role as the authorized Principal to the S3 bucket policy.
upvoted 0 times
...
Kiley
1 months ago
B: That makes sense, we need to allow decryption of the encrypted S3 object.
upvoted 0 times
...
Tien
1 months ago
A: Edit the ReadOnlyAccess policy to add kms:Decrypt actions.
upvoted 0 times
...
...
Dolores
2 months ago
Option C looks like the way to go. The issue is with the IAM role's permissions, so we need to add the necessary KMS permissions to that role.
upvoted 0 times
...
Olene
2 months ago
I'm not sure. Maybe attaching an inline policy with kms:Decrypt permissions to the IAM role could also work.
upvoted 0 times
...
Genevive
2 months ago
I agree with Remedios. Adding kms:Decrypt actions to the policy should fix the access issue.
upvoted 0 times
...
Remedios
2 months ago
I think the administrator should edit the ReadOnlyAccess policy to add kms:Decrypt actions.
upvoted 0 times
...
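
The permission gap discussed in this thread, as an added example that is not part of the original page or of AWS tooling: a simplified identity-policy check showing that reading an SSE-KMS encrypted object needs both `s3:GetObject` on the object and `kms:Decrypt` on the key. It assumes the bucket uses SSE-KMS (as the commenters do); the policy documents, ARNs and function names are constructed for illustration.

```python
import fnmatch

# Constructed stand-in for a read-only identity policy: S3 reads plus KMS
# metadata calls, no kms:Decrypt. Not the text of the AWS managed policy.
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "s3:List*", "kms:Describe*", "kms:List*"]},
]}

# Placeholder ARNs (constructed; substitute the real object and key).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
OBJECT_ARN = "arn:aws:s3:::example-bucket/reports/file.csv"

# Inline policy that grants decrypt only, scoped to the one key.
INLINE_DECRYPT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value, fold=False):
    # IAM action names are case-insensitive; resource ARNs are not.
    if fold:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if fold else p)
               for p in _as_list(patterns))

def is_allowed(policies, action, resource):
    """Identity policies only: an explicit Deny wins, otherwise any Allow."""
    allow = False
    for doc in policies:
        for st in _as_list(doc["Statement"]):
            if "Action" not in st or "Resource" not in st:
                continue  # NotAction / NotResource are outside this sketch
            if _match(st["Action"], action, fold=True) and _match(st["Resource"], resource):
                if st["Effect"] == "Deny":
                    return False
                allow = True
    return allow

def missing_for_sse_kms_read(policies, object_arn, key_arn):
    """Actions the role still lacks to GET an SSE-KMS encrypted object."""
    needed = [("s3:GetObject", object_arn), ("kms:Decrypt", key_arn)]
    return [a for a, r in needed if not is_allowed(policies, a, r)]

if __name__ == "__main__":
    print(missing_for_sse_kms_read([READ_ONLY], OBJECT_ARN, KEY_ARN))
    print(missing_for_sse_kms_read([READ_ONLY, INLINE_DECRYPT], OBJECT_ARN, KEY_ARN))
```

The sketch ignores conditions, permissions boundaries and SCPs, and it assumes the KMS key policy delegates access decisions to IAM policies in the account; if the key policy does not, the role's IAM policy alone will not be enough.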
