ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company runs an analytics platform on AWS. Data Scientists, Data Engineers, and Audit staff each need different levels of access to several Amazon S3 buckets and AWS Glue jobs. To follow the principles of subject-based role-based access control (RBAC) and keep policy administration simple, which approach should the security engineer implement?
Attach individual identity-based policies directly to each user account so that every user receives only the permissions they personally need.
Configure S3 bucket ACLs and Glue resource policies to grant access to specific IAM user ARNs without using groups or roles.
Create separate IAM groups (or roles) for Data Scientists, Data Engineers, and Auditors, attach the appropriate permission policies to each group, and add users to the groups.
Apply distinct resource-based policies to every S3 bucket and Glue job that list the ARNs of allowed users for each action.
Subject-based RBAC assigns permissions to collections of subjects that share a common job function, rather than granting rights directly to individual users or defining policies on every resource. In AWS, the closest analogue to an RBAC role is an IAM group (or an IAM role assumed by many users). By attaching the required permission policies to a dedicated IAM group for each team and adding users to the appropriate group, the engineer centralizes permission management and aligns access with job roles. Granting policies to individual users bypasses the role concept and becomes hard to maintain. Placing separate resource-based policies or ACLs on every S3 bucket and Glue job focuses on the objects, not the subjects, and scales poorly as resources grow. Therefore, creating team-specific IAM groups (or roles) with the needed permissions is the best way to implement subject-based RBAC in AWS.
Exam domain: Access Controls