Topic 1 Question 136

AWS Certified Security - Specialty

Topic 1 Question 136
A company has an application that needs to get objects from an Amazon S3 bucket. The application runs on Amazon EC2 instances.

All the objects in the S3 bucket are encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The resources in the VPC do not have access to the internet and use a gateway VPC endpoint to access Amazon S3.

The company discovers that the application is unable to get objects from the S3 bucket.

Which factors could cause this issue?

3 つ選択
- The IAM instance profile that is attached to the EC2 instances does not allow the s3:ListBucket action for the S3 bucket.
- The IAM instance profile that is attached to the EC2 instances does not allow the s3:ListParts action for the S3 bucket.
- The KMS key policy that encrypts the objects in the S3 bucket does not allow the kms:ListKeys action to the EC2 instance profile ARN.
- The KMS key policy that encrypts the objects in the S3 bucket does not allow the kms:Decrypt action to the EC2 instance profile ARN.
- The S3 bucket policy does not allow access from the gateway VPC endpoint.
- The security group that is attached to the EC2 instances is missing an inbound rule from the S3 managed prefix list over port 443.
ユーザの投票
コメント(5)
- ADE -Agree
  
  See similar question https://www.examtopics.com/discussions/amazon/view/87982-exam-aws-certified-security-specialty-topic-1-question-327/
  
  👍 4
  Zek2024/05/13
- 正解だと思う選択肢: ADE
  ADE look right
  
  👍 2
  Certified1012024/05/19
- 正解だと思う選択肢: ADE
  A, D, E are correct
  
  👍 2
  navid13652024/07/28
シャッフルモード

ユーザの投票

コメント(5)