SAP-C02 Design for New Solutions • Set 31
SAP-C02 Design for New Solutions Practice Test 31 — 15 questions with explanations. Free, no signup.
Refer to the exhibit. A company has an S3 bucket policy that allows GetObject access from two IP ranges (10.0.0.0/16 and 192.168.0.0/16). The policy also denies all S3 actions on the 'confidential/' prefix unless the request comes from the 10.0.0.0/16 range. Which of the following statements is true?
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.0.0.0/16",
"192.168.0.0/16"
]
}
}
},
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "arn:aws:s3:::example-bucket/confidential/*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
}
]
}