A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets. Currently, each of the company's applications is in its own AWS account, and logs are pushed into S3 buckets associated with each account. The Engineer will deploy an AWS Lambda function into each account that copies the relevant log files to the centralized S3 bucket. The Security Engineer is unable to access the log files in the centralized S3 bucket. The Engineer's IAM user policy from the centralized account looks like this:
The centralized S3 bucket policy looks like this:
Why is the Security Engineer unable to access the log files?
A) The S3 bucket policy does not explicitly allow the Security Engineer access to the objects in the bucket.
B) The object ACLs are not being updated to allow the users within the centralized account to access the objects.
C) The Security Engineer's IAM policy does not grant permissions to read objects in the S3 bucket.
D) The s3:PutObject and s3:PutObjectAcl permissions should be applied at the S3 bucket level.
Correct Answer:
Verified