Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company operates under a multi-account strategy where one account is managed by the security engineers and another is operated by a separate team responsible for network administration. The security team needs to allow the network administration team's account access to a specific Amazon S3 bucket without broadening the access to other accounts. Which of the following is the MOST secure way to grant the required access?

  • Attach a resource-based policy directly to the S3 bucket identifying the network administration team's account as the principal with the specified permissions.

  • Implement a policy for individual users in the security engineers' account that grants permissions to the network administration team.

  • Set up a bucket policy that limits access to the S3 bucket based on the source IP range of the network administration team's office location.

  • Edit the S3 bucket's Access Control List (ACL) to include the user identifiers from the team handling network administration.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:

Check or uncheck an objective to set which questions you will receive.