AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company operates under a multi-account strategy where one account is managed by the security engineers and another is operated by a separate team responsible for network administration. The security team needs to allow the network administration team's account access to a specific Amazon S3 bucket without broadening the access to other accounts. Which of the following is the MOST secure way to grant the required access?

  • Edit the S3 bucket's Access Control List (ACL) to include the user identifiers from the team handling network administration.

  • Attach a resource-based policy directly to the S3 bucket identifying the network administration team's account as the principal with the specified permissions.

  • Set up a bucket policy that limits access to the S3 bucket based on the source IP range of the network administration team's office location.

  • Implement a policy for individual users in the security engineers' account that grants permissions to the network administration team.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot