Questions 61 to 63

Explanations for questions 61 to 63

Question 61

An application will gather data from a website hosted on an EC2 instance and write the data to an S3 bucket. The application will use API calls to interact with the EC2 instance and S3 bucket.

Which Amazon S3 access control method will be the most operationally efficient? (Select TWO)

  1. Create a bucket policy.
  2. Grant programmatic access.
  3. Use key pairs.
  4. Grant AWS Management Console access.
  5. Create an IAM policy.

Correct Answer: 2, 5

Explanation: Policies are documents that define permissions and can be applied to users, groups, and roles. Policy documents are written in JSON as key-value pairs, each consisting of an attribute and a value.

Within an IAM policy, you can grant either programmatic access or AWS Management Console access to Amazon S3 resources.

INCORRECT: “Create a bucket policy.” is incorrect as it is more efficient to use an IAM policy.

CORRECT: “Grant programmatic access.” is a correct answer.

INCORRECT: “Use key pairs.” is incorrect. Key pairs are used for access to EC2 instances. A bucket policy would not assist with access control for EC2, and granting Management Console access will not assist the application, which makes API calls to the services.

INCORRECT: “Grant AWS Management Console access.” is incorrect as programmatic access is required.

CORRECT: “Create an IAM policy.” is also a correct answer.
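As an added illustration (not part of the original question or its reference), an identity-based IAM policy for this scenario could look like the following. The bucket name `amzn-s3-demo-bucket` and the `Sid` labels are placeholders, and the two actions are an assumption about what the application needs in order to write its data.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleListPlaceholderBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket"
    },
    {
      "Sid": "ExampleWriteObjectsToPlaceholderBucket",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    }
  ]
}
```

Attached to the IAM user or role whose credentials the application uses for its API calls, this policy limits the application to listing the one bucket and writing objects into it. `s3:ListBucket` applies to the bucket ARN, while `s3:PutObject` applies to the objects under it, which is why the two statements use different `Resource` values.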

References:

https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
