SAP-C02 · Question #864
SAP-C02 Question #864: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #864. The question stem and answer options stay visible for context.
Question
A company uses Microsoft Active Directory for user management and Microsoft Entra ID as an identity provider (IdP). The company uses an organization in AWS Organizations to manage multiple AWS accounts. The company establishes an AWS IAM Identity Center instance that is integrated with the IdP and creates the required user groups. Multiple company departments and applications use Amazon S3. The company uses S3 bucket policies to manage permissions. As a result of the granular permissions the company creates, the policies grow so large that they reach the quota for S3 bucket policy length. The company needs to simplify the process of managing granular S3 bucket permissions for company identities. Which solution will meet this requirement with the LEAST operational overhead?
Options
- ACreate an S3 Access Grant. Associate the S3 Access Grant with the IAM Identity Center instance.
- BCreate an S3 access point for each of the S3 buckets. Create an AWS Lambda function to query
- CCreate an S3 access point for each of the S3 buckets. Block public access in the S3 access point
- DGroup users into appropriate OUs in Organizations. Create SCPs to grant access to specific S3
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.