CRISC • Practice Test 21
Free CRISC practice test — 15 questions with explanations. Set 21. No signup required.
An S3 bucket policy is configured as shown. During a monitoring review, the risk practitioner notices that the 'DenyAll' policy is never evaluated because of an explicit allow. What is the MOST likely monitoring gap?
Refer to the exhibit.
{
  "policies": [
    {
      "sid": "AllowRead",
      "effect": "Allow",
      "principal": "*",
      "action": ["s3:GetObject"],
      "resource": "arn:aws:s3:::critical-data/*",
      "condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}
    },
    {
      "sid": "DenyAll",
      "effect": "Deny",
      "principal": "*",
      "action": ["s3:*"],
      "resource": "arn:aws:s3:::critical-data/*"
    }
  ]
}