AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

An operations engineer just created an Amazon S3 bucket in a new AWS account. Minutes later, security tooling reports that a principal from another AWS account can read objects in the bucket, even though the engineer believes cross-account access is blocked. The engineer must quickly identify which policy grants this external access without adding logging or extra scanning services. Which solution meets these requirements?

  • Create an account-level IAM Access Analyzer in the Region and review its findings for the bucket to see the policy statement permitting external access.

  • Enable Amazon S3 server access logging on the bucket and manually inspect the log files to determine which policy was evaluated.

  • Use AWS CloudTrail Lake to run a query on recent GetObject events and trace the IAM policies attached to the calling principal.

  • Run an Amazon Macie bucket assessment and use the generated Policy Findings report to locate the offending statement.

Security and Compliance