AWS Certified Developer Associate DVA-C02 Practice Question
An application deployed on AWS requires the ability to perform read operations on objects within a specific Amazon S3 bucket and write logs to a different S3 bucket. Which IAM policy statement adheres most closely to the principle of least privilege?
Allow 's3:*' on the ARN of both the input and output buckets.
Allow 's3:GetObject' on all resources using a wildcard (*) and 's3:PutObject' on the ARN of the output bucket.
Allow 's3:GetObject' on the ARN of the input bucket and 's3:PutObject' on any resource using a wildcard (*).
Allow 's3:GetObject' on the ARN of the input bucket and 's3:PutObject' on the ARN of the output bucket.
While all provided options might seem workable, the best answer is the one that grants explicit read access (GetObject) to the required bucket and write access (PutObject) to the logging bucket, without overextending permissions. The incorrect options either over-permit by using a wildcard action, under-permit by not providing necessary access, or incorrectly scope the resource, violating the principle of least privilege.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
Open an interactive chat with Bash
What are IAM policies in AWS?
Open an interactive chat with Bash
What are ARNs and how are they used in AWS?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access