SCS-C02 · Question #452
SCS-C02 Question #452: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #452. The question stem and answer options stay visible for context.
Question
A company needs to prevent Amazon S3 objects from being shared with IAM identities outside of the company's organization in AWS Organizations. A security engineer is creating and deploying an SCP to accomplish this goal. The company has enabled the S3 Block Public Access feature on all of its S3 buckets. What should the SCP do to meet these requirements?
Options
- ADeny the S3:* action with a Condition element that comprises an operator of StringNotEquals, a
- BDeny the S3:PutAccountPublicAccessBlock action with a Condition element that comprises an
- CAllow the S3:* action with a Condition element that comprises an operator of StringNotEquals, a
- DDeny the S3:* action with a Condition element that comprises an operator of StringLike, a key of
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.