Refer to the exhibit. A security administrator implements this S3 bucket policy to restrict access to the bucket 'my-bucket'. What type of condition is being used?
Condition key is IpAddress.
Why this answer
The condition in the S3 bucket policy uses the `IpAddress` condition key to restrict access based on the requester's IP address. This is explicitly an IP address condition, which evaluates the source IP of the request against the specified CIDR range. Option B is correct because the `aws:SourceIp` key is only valid with the `IpAddress` (or `NotIpAddress`) condition operator.
Exam trap
Cisco often tests the distinction between the condition key (`aws:SourceIp`) and the condition operator (`IpAddress`), leading candidates to confuse it with a String condition because the IP address is a string value.
How to eliminate wrong answers
Option A is wrong because a String condition uses operators like `StringEquals` or `StringLike` to compare string values, not IP addresses. Option C is wrong because a Bool condition uses the `Bool` operator to check boolean values like `aws:SecureTransport` true/false, not IP ranges. Option D is wrong because a Numeric condition uses operators like `NumericEquals` or `NumericLessThan` to compare numbers, not IP addresses.