SCS-C01 Exam: Which Statement is TRUE?

Which Statement is TRUE?

Prev Question Next Question

Question

Which statement is TRUE?

Answers

A. Bob can list contents of the logs bucket. Alice can read objects from the Development folder inside the logs bucket.

B. Both Alice and Bob can list all buckets.Alice can write objects into the Development folder inside the logs bucket.

C. Alice can write objects into logs bucket.Bob can not write objects into the Development folder inside the logs bucket.

D. Bob and Alice can list contents of all buckets.Bob and Alice can not write objects into the Development folder inside the logs bucket.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer: A.

Option A is CORRECT because GroupPolicy2 has an explicit grant giving the IAM Group ListBucket permission on root level items of logs bucket; and InlinePolicy2 has an explicit grant giving Alice get object permissions on Development folder inside logs bucket.

Option B is incorrect because the bucket policy has explicit deny on put object permission for all users.

Option C is incorrect because bucket policy has explicit deny on put object permissions for all users.

Option D is incorrect because Bob and Alice do not have permission to list the contents of all buckets.They only have permissions to list root-level objects of the logs bucket.There is an implicit deny on all other buckets.

Reference:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html

The question is related to the AWS S3 bucket access permissions for two users, Bob and Alice. We need to identify the correct statement based on the access permissions of these users.

Option A states that Bob can list contents of the logs bucket, and Alice can read objects from the Development folder inside the logs bucket. This option implies that both Bob and Alice have access to the logs bucket, but Alice has access to a specific folder inside the bucket. However, the option does not mention anything about Alice's write permissions, which makes this option incomplete. Hence, this option is not the correct answer.

Option B states that both Alice and Bob can list all buckets, and Alice can write objects into the Development folder inside the logs bucket. This option implies that both Alice and Bob have access to all buckets, and Alice can write objects in a specific folder inside the logs bucket. This option does not restrict Bob's permissions, but it does not mention anything about Bob's write permissions in the Development folder inside the logs bucket. Therefore, this option is incorrect.

Option C states that Alice can write objects into the logs bucket, and Bob cannot write objects into the Development folder inside the logs bucket. This option implies that Alice has write access to the entire logs bucket, but Bob has restricted write access to the Development folder inside the bucket. This option does not mention anything about the users' list permissions, which makes it incomplete. Hence, this option is not the correct answer.

Option D states that both Bob and Alice can list the contents of all buckets, and both Bob and Alice cannot write objects into the Development folder inside the logs bucket. This option implies that both Alice and Bob can only list the contents of the buckets, and neither of them has write access to the Development folder inside the logs bucket. This option is complete and mentions the access permissions for both users. Therefore, this option is the correct answer.

In summary, the correct answer to the question is Option D.

Prev Question Next Question