SCS-C02 Identity and Access Management • Set 11
SCS-C02 Identity and Access Management Practice Test 11 — 15 questions with explanations. Free, no signup.
A company has an AWS Lambda function that processes sensitive data stored in an Amazon S3 bucket. The Lambda function needs to read objects from the S3 bucket and write results to a different S3 bucket. The security engineer is configuring IAM permissions for the Lambda execution role. The engineer wants to follow the principle of least privilege. The Lambda function is triggered by S3 events from the source bucket. The engineer creates an IAM policy that grants s3:GetObject on the source bucket and s3:PutObject on the destination bucket. However, when testing, the Lambda function fails with an access denied error when trying to process an object. The error message indicates that the Lambda function does not have permission to list the objects in the source bucket. The engineer checks the S3 event notification configuration and confirms that the event is configured correctly. What should the engineer do to resolve the issue?