DVA-C02 · Question #154
A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE- BUCKET. The com
The correct answer is A. { "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt" }. Option A correctly applies the principle of least privilege by granting only the minimum required permission (s3:GetObject) to access only the specific resource needed (the exact file doc.txt in the specified bucket). This means the application can read that one file and nothing
Question
A developer is creating an application for a company. The application needs to read the file doc.txt that is placed in the root folder of an Amazon S3 bucket that is named DOC-EXAMPLE- BUCKET. The company's security team requires the principle of least privilege to be applied to the application's IAM policy. Which IAM policy statement will meet these security requirements? A. B. C. D.
Exhibits
Options
- A{ "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt" }
- B{ "Action": [ "s3:" ], "Effect": "Allow", "Resource": "" }
- C{ "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" }
- D{ "Action": [ "s3:*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/doc.txt" }
How the community answered
(51 responses)- A94% (48)
- B2% (1)
- C4% (2)
Explanation
Option A correctly applies the principle of least privilege by granting only the minimum required permission (s3:GetObject) to access only the specific resource needed (the exact file doc.txt in the specified bucket). This means the application can read that one file and nothing else, which is exactly what the requirements demand.
Topics
Community Discussion
No community discussion yet for this question.

