Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

🚀 25% OFF All Practice Exams, Video Courses, & eBooks – Cyber Sale Extension!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty access denied s3 cli copy scenario

Tagged: ,

  • access denied s3 cli copy scenario

  • kung

    Member
    April 26, 2020 at 7:54 am

    Security speciality (sampler) question about the ’aws s3 cp’ scenario with the 10GB file.

    Question asks for potential reasons causing the ‘access denied’ error.
    One of the answers states:

    ”The IAM policy of the developer does include the kms:Decrypt permission.”

    Isn’t a ’not’ missing here?

    As in the explanation you mentioned you need encrypt/decrypt/reencrypt/generatedatakey/describekey actions

    which would also make the answer

    ’The kms:Encrypt permission is missing from the IAM policy of the developers.’

    be correct?

    Or am I missing something here?

    Cheers,

    Robert

  • Jon-Bonso

    Administrator
    April 26, 2020 at 11:17 pm

    Hi Robert,

    Thank you so much for bringing this up to our attention. We have a typo in one of the correct answers and it should say: “…the developer does not include the kms:Decrypt permission.” instead. This will be updated in our practice tests soon.

    The scenario is actually based on this official AWS article:

    https://aws.amazon.com/premiumsupport/knowledge-center/s3-large-file-encryption-kms-key/

    The option that mentions kms:Encrypt is incorrect because the scenario says that the operation is already successful whenever the developer uploads a smaller file. This signifies that the developer already has the kms:Encrypt permission.

    Thanks again for letting us know about this issue. As always, feel free to message us if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now
Skip to content