Multiple Choice
A company is using AWS Organizations to manage multiple AWS accounts. The company has an application that allows users to assume the AppUser IAM role to download files from an Amazon S3 bucket that is encrypted with an AWS KMS CMK. However, when users try to access the files in the S3 bucket, they get an access denied error. What should a security engineer do to troubleshoot this error? (Choose three.)
A) Ensure the KMS policy allows the AppUser role to have permission to decrypt for the CMK.
B) Ensure the S3 bucket policy allows the AppUser role to have permission to get objects for the S3 bucket.
C) Ensure the CMK was created before the S3 bucket.
D) Ensure the S3 block public access feature is enabled for the S3 bucket.
E) Ensure that automatic key rotation is disabled for the CMK.
F) Ensure the SCPs within Organizations allow access to the S3 bucket.
Correct Answer:
Verified
Correct Answer:
Verified
Q60: An application is currently secured using network
Q61: A company has deployed a custom DNS
Q62: A Security Engineer has been asked to
Q63: A company's on-premises networks are connected to
Q64: A company uses an Amazon S3 bucket
Q66: An application is running on an Amazon
Q67: A Security Administrator is restricting the capabilities
Q68: A security engineer received an Amazon GuardDuty
Q69: A company uses identity federation to authenticate
Q70: A Security Engineer manages AWS Organizations for