AWS Certified Security – Specialty SCS-C01 – Question078

A Systems Administrator has written the following Amazon S3 bucket policy designed to allow access to an S3 bucket for only an authorized AWS IAM user from the IP address range 10.10.10.0/24:

When trying to download an object from the S3 bucket from 10.10.10.40, the IAM user receives an access denied message. What does the Administrator need to change to grant access to the user?

A.
Change the “Resource” from “arn: aws:s3:::Bucket” to “arn:aws:s3:::Bucket/*”.
B. Change the “Principal” from “*” to {AWS:”arn:aws:iam: : account-number: user/username”}
C. Change the “Version” from “2012-10-17” to the last revised date of the policy
D. Change the “Action” from [“s3:*”] to [“s3:GetObject”, “s3:ListBucket”]

Correct Answer: A