Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C02 Topic 7 Question 30 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 30
Topic #: 7
[All SCS-C02 Questions]

A company has multiple departments. Each department has its own IAM account. All these accounts belong to the same organization in IAM Organizations.

A large .csv file is stored in an Amazon S3 bucket in the sales department's IAM account. The company wants to allow users from the other accounts to access the .csv file's content through the combination of IAM Glue and Amazon Athen

a. However, the company does not want to allow users from the other accounts to access other files in the same folder.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

Contribute your Thoughts:

Whitney
2 months ago
I'm with Billy on this one. Option C is clearly the most precise way to achieve what the company wants. No need to overcomplicate it.
upvoted 0 times
Anglea
23 days ago
Let's go with Option C then, it's the most precise solution.
upvoted 0 times
...
Marya
1 months ago
Yeah, Option C is straightforward and meets all the requirements.
upvoted 0 times
...
Elli
1 months ago
I agree with you, Option C seems like the best choice here.
upvoted 0 times
...
...
Billy
2 months ago
Ha! Typical corporate bureaucracy, trying to give access to a single file without letting people see anything else. Option C is the only way to surgically target that .csv.
upvoted 0 times
Allene
1 months ago
Definitely, it's the best way to ensure only the specific file is accessible.
upvoted 0 times
...
Belen
1 months ago
True, that seems like the most precise solution to the problem.
upvoted 0 times
...
Hester
2 months ago
Option C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
...
Tom
2 months ago
Option B with S3 Select sounds interesting, but I'm not sure if it will give us the granular control we need over the specific .csv file. C definitely seems like the best choice here.
upvoted 0 times
Kattie
1 months ago
D) Grant IAM Glue access to Amazon S3 in a resource-based policy that specifies the organization as the principal.
upvoted 0 times
...
Alpha
1 months ago
I agree, option C seems like the best choice to ensure granular control over the specific .csv file.
upvoted 0 times
...
Raymon
2 months ago
C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
Charlette
2 months ago
B) Use S3 Select to restrict access to the .csv file. In IAM Glue Data Catalog, use S3 Select as the source of the IAM Glue database.
upvoted 0 times
...
...
Leonie
2 months ago
I'm not sure, but option B also seems like a valid solution to restrict access to the .csv file using S3 Select.
upvoted 0 times
...
Amie
3 months ago
I think option C is the way to go. Defining an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file seems like the most targeted and secure solution.
upvoted 0 times
Leota
2 months ago
True, option C does seem more focused on granting access to that specific file.
upvoted 0 times
...
Darell
2 months ago
D) Grant IAM Glue access to Amazon S3 in a resource-based policy that specifies the organization as the principal.
upvoted 0 times
...
Simona
2 months ago
A) Apply a user policy in the other accounts to allow IAM Glue and Athena to access the .csv file.
upvoted 0 times
...
Halina
2 months ago
C) Define an IAM Glue Data Catalog resource policy in IAM Glue to grant cross-account S3 object access to the .csv file.
upvoted 0 times
...
Fidelia
2 months ago
I think option C is more targeted specifically for granting access to the .csv file only.
upvoted 0 times
...
Stephaine
2 months ago
But wouldn't option D also work since it specifies the organization as the principal?
upvoted 0 times
...
Cheryl
2 months ago
I agree, option C seems like the most secure way to grant access to the .csv file.
upvoted 0 times
...
...
Magnolia
3 months ago
I disagree, I believe option D is the way to go as it specifies the organization as the principal for IAM Glue access to Amazon S3.
upvoted 0 times
...
Yolande
3 months ago
I think option C is the best solution because it allows cross-account access to the specific .csv file.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77