Q77 — AWS SCS-C02 Ch.1
An AWS account includes two S3 buckets: bucket1 and bucket2. bucket2 does not have a policy defined, but bucket1 has the following bucket policy: In addition, the same account has an IAM user named “alice”, with the following IAM policy. Which buckets can user “alice” access?
- A. bucket1 only
- B. bucket2 only
- C. Both bucket1 and bucket2 ✓
- D. Neither bucket1 nor bucket2
Correct Answer: C. Both bucket1 and bucket2
Explanation
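In AWS permission evaluation, IAM policies and S3 bucket policies together determine access. By default, every request is denied unless it is explicitly allowed. In this question, the IAM policy for user "alice" is not shown in detail, but the answer implies that it includes permissions allowing access to both buckets. The bucket policy on bucket1 does not explicitly deny "alice", and bucket2 has no policy restricting access. If the IAM policy grants the necessary permissions (such as s3:GetObject) and no bucket policy explicitly denies them, "alice" can access both buckets. See the AWS policy evaluation logic documentation. Option C holds because the IAM policy allows access and there is no explicit deny.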