CRISC IT Risk Identification • Set 4
CRISC IT Risk Identification Practice Test 4 — 15 questions with explanations.
Based on the exhibit, what risk is indicated by the IAM policy?
Refer to the exhibit.
Exhibit:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-data/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-data/*",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/external-auditor"
      }
    }
  ]
}
```