A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets.

Amazon Web Services SCS-C02 Question Answer

A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets. Currently, each of the company's applications is in its own IAM account, and logs are pushed into S3 buckets associated with each account. The Engineer will deploy an IAMLambda function into each account that copies the relevant log files to the centralized S3 bucket.

The Security Engineer is unable to access the log files in the centralized S3 bucket. The Engineer's IAM user policy from the centralized account looks like this:

The centralized S3 bucket policy looks like this:

Why is the Security Engineer unable to access the log files?

The S3 bucket policy does not explicitly allow the Security Engineer access to the objects in the bucket.

The object ACLs are not being updated to allow the users within the centralized account to access the objects

The Security Engineers IAM policy does not grant permissions to read objects in the S3 bucket

The s3:PutObject and s3:PutObjectAcl permissions should be applied at the S3 bucket level

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Summary

Vendor: Amazon Web Services
Product: SCS-C02
Update on: Aug 2, 2025
Questions: 417

Price: $52.5 ~~$149.99~~

Buy Now SCS-C02 PDF + Testing Engine Pack

A company is operating an open-source software platform that is internet facing.

A company needs to use HTTPS when connecting to its web applications to meet compliance...

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets.

The Answer Is:

Amazon Web Services SCS-C02 Summary

Payments We Accept

Contact Us