Amazon Exam SCS-C02 Topic 9 Question 38 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 38
Topic #: 9

A developer operations team uses AWS Identity and Access Management (1AM) to manage user permissions The team created an Amazon EC2 instance profile role that uses an AWS managed Readonly Access policy. When an application that is running on Amazon EC2 tries to read a file from an encrypted Amazon S3 bucket, the application receives an AccessDenied error.

The team administrator has verified that the S3 bucket policy allows everyone in the account to access the S3 bucket. There is no object ACL that is attached to the file.

What should the administrator do to fix the 1AM access issue?

AEdit the ReadOnlyAccess policy to add kms:Decrypt actions.

BAdd the EC2 1AM role as the authorized Principal to the S3 bucket policy.

CAttach an inline policy with kms Decrypt permissions to the 1AM role

DAttach an inline policy with S3: * permissions to the 1AM role.

Show Suggested Answer

Suggested Answer: B

Utilizing CloudFront signed cookies is the simplest and most effective way to protect HLS video content for paying subscribers. Signed cookies provide access control for multiple files, such as video chunks in HLS streaming, without the need to generate a signed URL for each video chunk. This method simplifies the process for long video events with thousands of chunks, enhancing user experience while ensuring content protection.

by Johnna at Dec 06, 2024, 01:10 AM

Limited Time Offer

25%

14 days ago

I think the administrator should edit the ReadOnlyAccess policy to add kms:Decrypt actions.

upvoted 0 times

...