SAP-C02 • Practice Test 31
Free SAP-C02 practice test — 15 questions with explanations. Set 31. No signup required.
A security engineer created the S3 bucket policy shown in the exhibit. The policy is intended to allow the role MyAppRole to get objects only if they are encrypted with SSE-S3. However, the role is getting access denied errors when trying to get objects that are encrypted with SSE-S3. What is the most likely cause?
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/MyAppRole"
},
"Condition": {
"StringEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
}
]
}