Topic 1 Question 418
A solutions architect needs to allow team members to access Amazon S3 buckets in two different AWS accounts: a development account and a production account. The team currently has access to S3 buckets in the development account by using unique IAM users that are assigned to an IAM group that has appropriate permissions in the account.
The solutions architect has created an IAM role in the production account. The role has a policy that grants access to an S3 bucket in the production account.
Which solution will meet these requirements while complying with the principle of least privilege?
A. Attach the Administrator Access policy to the development account users.
B. Add the development account as a principal in the trust policy of the role in the production account.
C. Turn off the S3 Block Public Access feature on the S3 bucket in the production account.
D. Create a user in the production account with unique credentials for each team member.
Comments (6)
Well, if you made it this far, it means you are persistent :) Good luck with your exam!
👍 16 kels1 2023/04/20
Selected answer: B
B is the correct answer
👍 2 Akademik6 2023/03/22
Selected answer: B
Answer A, attaching the Administrator Access policy to development account users, provides too many permissions and violates the principle of least privilege. This would give users more access than they need, which could lead to security issues if their credentials are compromised.
Answer C, turning off the S3 Block Public Access feature, is not a recommended solution as it is a security best practice to enable S3 Block Public Access to prevent accidental public access to S3 buckets.
Answer D, creating a user in the production account with unique credentials for each team member, is also not a recommended solution as it can be difficult to manage and scale for large teams. It is also less secure, as individual user credentials can be more easily compromised.
👍 2 Buruguduystunstugudunstuy 2023/03/25
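Added example, not part of the original page or its comments: a Python sketch of the cross-account setup that option B describes. It builds the production role's trust policy and the development group's `sts:AssumeRole` policy, then audits a trust policy for principals outside an allowlist. The account IDs, the role name `ProdS3Access` and all function names are constructed placeholders.

```python
import json
import re

# Constructed placeholder values (assumptions, not taken from the page).
DEV_ACCOUNT = "111111111111"
PROD_ACCOUNT = "222222222222"
ROLE_ARN = f"arn:aws:iam::{PROD_ACCOUNT}:role/ProdS3Access"  # hypothetical role name

def trust_policy(trusted_account):
    """Trust policy for the production role: only this account may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def group_policy(role_arn):
    """Identity policy for the existing dev IAM group: assume this one role only."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": role_arn}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust(policy, allowed_accounts):
    """List AWS principals in Allow statements that fall outside allowed_accounts."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Principal "*" and {"AWS": "*"} are both wildcards; service principals are skipped.
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            m = re.fullmatch(r"(?:arn:aws:iam::)?(\d{12})(?::.*)?", p)
            if m is None:
                findings.append(f"wildcard or unrecognised principal: {p}")
            elif m.group(1) not in allowed_accounts:
                findings.append(f"untrusted account: {m.group(1)}")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(DEV_ACCOUNT), indent=2))
    print(json.dumps(group_policy(ROLE_ARN), indent=2))
    print(audit_trust(trust_policy(DEV_ACCOUNT), {DEV_ACCOUNT}))
```

Trusting the account root ARN delegates the decision to the development account, so the group policy scoped to the single role ARN is what keeps the set of callers limited to the existing IAM group.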