Which of the following statements about this S3 bucket policy is true?
A.
Denies the server with the IP address 192 168 100 0 full access to the “mybucket” bucket
B.
Denies the server with the IP address 192 168 100 188 full access to the “mybucket” bucket
C.
Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket
D.
Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket”
bucket
B is correct because deny always take precedence.
C can be answer if it says grant all servers in 192.168.100.0/24 subnet except 192.168.100.188
Isnt the answer D? Allow everything from .188/32?
B
Condition Operator Description
IpAddress
The specified IP address or range
NotIpAddress
All IP addresses except the specified IP address or range
correct answer should be b and c
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
A and D are just plain wrong. B is correct. C is incorrect because that entire network also contains the IP of the denied server.
B
Ans: B (Check #10: https://blog.cloudthat.com/10-trial-questions-for-aws-sysops-administrator-associate-certification/)
Ans: B (Check #10: https://blog.cloudthat.com/10-trial-questions-for-aws-sysops-administrator-associate-certification/)
C can be answer if it says grant all servers in 192.168.100.0/24 subnet except 192.168.100.188