
  • I Do not understand the answer to the following question

  • wail-el-edghiri

    Member
    May 17, 2023 at 9:31 pm

    Hello all,

    I’m new to this forum and would like to get help on the following question from test 1 in the AWS associate developer certification set tests.

    A company has created a private S3 bucket named tdojo. The Developer IAM role must be granted read access to all objects within this bucket. However, objects stored under the qa folder should be restricted to the QA IAM role only.

    Which S3 bucket policy will effectively implement the principle of least privilege access while satisfying the given requirements?

    I don’t understand why the answer should be granting the developer team access to all the objects in the bucket while in the question it’s stated that the qa object should only be accessible to QA role. Thanks in advance for your help.

  • Carlo-TutorialsDojo

    Member
    May 19, 2023 at 12:31 am

    Hello wail-el-edghiri,

    Thanks for your feedback.

    The scenario specifically states two conditions. First, the Developer IAM role needs to have read access to all objects in the bucket. This is just one part of the equation. The second piece is that the QA role should only have access to the ‘qa’ folder. The correct option must address both of these requirements.

    Let me know if this answers your question.

    Regards,

    Carlo @ Tutorials Dojo

    • fxwinter

      Member
      September 24, 2024 at 7:56 pm

      Hi – I stumbled over this same question for the same reason.

      >The second piece is that the QA role should only have access to the ‘qa’ folder.

      This is not what it states. It states that objects in the qa folder should be restricted to the QA role exclusively.

      The question is clearly ambiguous (if not flat out wrong), as it specifies that “objects stored under the qa folder should be restricted to the QA IAM role only”, i.e. anything inside this folder is *only* accessible for the QA role and no one else. Even though it also says that the developer role should be granted read access to all objects, when the next sentence starts with “However[…]” it reads like what follows is an exception to that.

      I would suggest simply rephrasing the third sentence to “The QA IAM role however, should be restricted to objects stored under the qa folder only.”

      • JR-TutorialsDojo

        Administrator
        September 25, 2024 at 12:26 pm

        Hello fxwinter,

        Thank you for bringing this to our attention.

        We appreciate your feedback and understand the confusion caused by the question’s wording. We will make the necessary updates to eliminate any ambiguity, and these changes should be reflected on the portal soon.

        If you have any additional suggestions or feedback, please feel free to share them with us. We are committed to improving our practice tests based on user input.

        Best regards,
        JR @ Tutorials Dojo

        • Jayid

          Member
          October 13, 2024 at 8:53 am

          Hello, following up here. This question was asked more than a year ago but it still hasn’t been updated yet. ☹

          • JR-TutorialsDojo

            Administrator
            October 14, 2024 at 12:15 pm

            Hello Jayid,

            Thank you for reaching out.

            We have already submitted our update for this item, and this should be reflected on the portal soon.

            Thank you for your patience!

            Regards,
            JR @ Tutorials Dojo
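
The two readings of the question debated in this thread, written out as bucket policies and compared side by side. This is an added example, not part of the original posts and not the practice test's answer options. The account ID, role names, object keys and the simplified evaluator (bucket policy only, explicit Deny beats Allow, everything else is implicitly denied) are assumptions.

```python
import fnmatch

# Constructed placeholders: account ID and role names are assumptions.
DEV = "arn:aws:iam::111122223333:role/Developer"
QA = "arn:aws:iam::111122223333:role/QA"
BUCKET = "arn:aws:s3:::tdojo"
KEYS = ["qa/report.csv", "src/app.py"]  # constructed object keys

def stmt(effect, principal, resource, condition=None):
    s = {"Effect": effect, "Principal": principal,
         "Action": "s3:GetObject", "Resource": resource}
    if condition:
        s["Condition"] = condition
    return s

# Reading A: Developer reads every object, QA reads only qa/.
READING_A = {"Version": "2012-10-17", "Statement": [
    stmt("Allow", {"AWS": DEV}, BUCKET + "/*"),
    stmt("Allow", {"AWS": QA}, BUCKET + "/qa/*"),
]}

# Reading B: same Allows, plus an explicit Deny on qa/ for any
# principal that is not the QA role (qa/ is exclusive to QA).
READING_B = {"Version": "2012-10-17", "Statement": READING_A["Statement"] + [
    stmt("Deny", "*", BUCKET + "/qa/*",
         {"ArnNotEquals": {"aws:PrincipalArn": QA}}),
]}

def _matches(s, role, key):
    """True if statement s applies to this role reading this key."""
    principal = s["Principal"]
    if principal != "*" and principal["AWS"] != role:
        return False
    cond = s.get("Condition", {}).get("ArnNotEquals", {})
    if cond and role == cond["aws:PrincipalArn"]:
        return False  # ArnNotEquals is false for the named role
    return fnmatch.fnmatchcase(f"{BUCKET}/{key}", s["Resource"])

def can_read(policy, role, key):
    effects = [s["Effect"] for s in policy["Statement"] if _matches(s, role, key)]
    return "Deny" not in effects and "Allow" in effects

def matrix(policy):
    roles = (("Developer", DEV), ("QA", QA))
    return {(name, k): can_read(policy, arn, k) for name, arn in roles for k in KEYS}

if __name__ == "__main__":
    for label, policy in (("A", READING_A), ("B", READING_B)):
        print(label, matrix(policy))
```

The only cell that differs between the two matrices is Developer on `qa/report.csv`, which is exactly the point the thread disagrees on.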
