
ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

A security engineer must ensure that developers can read and write only to Amazon S3 objects belonging to the same project they are assigned. Each developer assumes an IAM role from their AWS account into a shared services account that hosts many project buckets. Which approach best implements attribute-based access control (ABAC) for this requirement?

  • Expose every project bucket through an S3 Access Point restricted to the developers' VPC and use those access points for access control.

  • Tag the IAM role session with a Project value, tag each S3 bucket with the corresponding Project key, and attach one IAM policy that allows s3:* when aws:PrincipalTag/Project equals aws:ResourceTag/Project.

  • Create individual bucket policies listing the ARNs of developer roles that should have access to each project bucket.

  • Attach a service control policy (SCP) to each developer's AWS account that permits access only to buckets whose names start with the project code.

Access Controls