AWS Certified Cloud Practitioner — Question 675

A company stores data in an Amazon S3 bucket The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket.

Which AWS features will meet these requirements? (Choose two.)

Answer options

• A. Security groups
• B. Network ACLs
• C. S3 bucket policies
• D. IAM user policies
• E. S3 bucket versioning

Correct answer: C, D

Explanation

Amazon S3 bucket policies and IAM user policies are access control mechanisms that allow administrators to define permissions for reading, writing, and deleting objects in an S3 bucket. Security groups and Network ACLs are network-level firewalls that control traffic to and from network resources, not S3 object permissions. S3 bucket versioning is used to preserve, retrieve, and restore every version of every object stored in a bucket, rather than managing access permissions.