Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Amazon
  5. AWS-Certified-Big-Data-Specialty

Free Amazon AWS-Certified-Big-Data-Specialty Exam Braindumps (page: 21)

Page 21 of 124
PDF with 492 Questions

A user is creating an S3 bucket policy. Which of the below mentioned elements the user will not include as part of it?

  1. Actions
  2. Buckets
  3. Principal
  4. Resource

Answer(s): B

Explanation:

When creating an S3 bucket policy, the user needs to define the resource (which will have the bucket or the object), actions, effect and principal.
They are explained below:
Resources – Buckets and objects are the Amazon S3 resources for which user can allow or deny permissions.
Actions – For each resource, Amazon S3 supports a set of operations. user identifies resource operations which will allow (or deny) by using action keywords
Effect – What the effect will be when the user requests the specific action—this can be either allow or deny.
Principal – The account or user who is allowed access to the actions and resources in the statement. You specify principal only in a bucket policy. It is the user, account, service, or other entity who is the recipient of this permission. In a user policy, the user to which the policy is attached is the implicit principal.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-languageoverview.html



An IAM user is performing an operation on another account's S3 bucket. What will S3 first check in this context?

  1. Verifies that the bucket has the required policy defined for access the IAM user
  2. Verifies if the parent account of the IAM user has granted sufficient permission
  3. Reject the request since the IAM user does not belong to the root account
  4. Verifies if the IAM policy is available for the root account to provide permission to the other IAM users

Answer(s): B



You can use in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account.

  1. access key IDs
  2. secret access keys
  3. account IDs
  4. canonical user IDs

Answer(s): D

Explanation:

You can use canonical user IDs in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account. For example, to grant another AWS account access to your bucket, you specify the account's canonical user ID in the bucket's policy.


Reference:

http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html



A root account owner is trying to understand the S3 bucket ACL. Which choice below is a not a predefined group which can be granted object access via ACL?

  1. Canonical user group
  2. Log Delivery Group
  3. All users group
  4. Authenticated user group

Answer(s): A

Explanation:

An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. Amazon S3 has a set of predefined groups. When granting account access to a group, the user can specify one of the URLs of that group instead of a canonical user ID. Amazon S3 has the following predefined groups:
. Authenticated Users group: It represents all AWS accounts.
. All Users group: Access permission to this group allows anyone to access the resource.
. Log Delivery group: WRITE permission on a bucket enables this group to write server access logs to the bucket.


Reference:

http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html






Post your Comments and Discuss Amazon AWS-Certified-Big-Data-Specialty exam prep with other Community members:

AWS-Certified-Big-Data-Specialty Exam Discussions & Posts