Amazon S3 (Simple Storage Service) is a highly scalable, secure, and durable storage solution offered by AWS. To protect sensitive data and regulate access, S3 employs policies and permissions, including bucket policies, access control lists (ACLs), and IAM roles. This comprehensive quiz explores key concepts of S3 security and management.
1. What is the primary purpose of a bucket policy in AWS S3?
a) To monitor bucket storage usage
b) To define access permissions for a bucket
c) To encrypt the bucket data
d) To backup bucket data
2. Which format is used to define bucket policies in S3?
a) YAML
b) XML
c) JSON
d) HTML
3. What is a bucket policy’s scope of impact?
a) Entire S3 service
b) A single S3 bucket and its objects
c) All regions in the AWS account
d) Only IAM users
4. Which principal can you specify in an S3 bucket policy?
a) IAM users and roles
b) Lambda functions only
c) EC2 instances only
d) CloudFormation templates
5. In a bucket policy, what does the “Effect” element specify?
a) The region to apply the policy
b) Whether the action is allowed or denied
c) The type of encryption for objects
d) The logging configuration
6. Which of the following is true about IAM roles in S3 access?
a) They are associated only with S3 buckets.
b) They provide temporary security credentials.
c) They are used only for individual users.
d) They do not require policies to function.
7. IAM users are best suited for:
a) Granting temporary access to external applications
b) Long-term access for human users
c) Managing cross-account roles
d) Automating CI/CD pipelines
8. Groups in IAM are useful because:
a) They simplify assigning permissions to multiple users
b) They allow direct bucket management
c) They are region-specific access managers
d) They can act as resource-level permissions
9. Which AWS service helps to create fine-grained policies for S3?
a) Lambda
b) CloudWatch
c) IAM
d) Route 53
10. What happens when an IAM user tries to access a bucket without permissions?
a) Access is automatically granted
b) Access is denied with an error message
c) Access is temporarily allowed for evaluation
d) The bucket becomes public
11. What is a key difference between bucket policies and ACLs?
a) Bucket policies are user-based, ACLs are resource-based
b) Bucket policies allow more fine-grained control than ACLs
c) ACLs support only private buckets
d) ACLs are region-specific
12. How are S3 ACLs structured?
a) In YAML format
b) As a list of grants defining permissions for entities
c) As a set of CloudFormation templates
d) Using Route 53 configurations
13. Which type of permission is not directly configurable via ACLs?
a) Read
b) Write
c) Manage lifecycle policies
d) Read ACL
14. What is a “grantee” in the context of S3 ACLs?
a) An IAM policy
b) An entity granted specific permissions
c) A region-specific bucket manager
d) A bucket encryption standard
15. Which of the following can you specify in a bucket ACL?
a) IAM roles
b) Predefined groups like “Authenticated Users”
c) Bucket policies
d) API Gateway permissions
16. What AWS feature blocks public access to all buckets and objects?
a) Bucket ACLs
b) Block Public Access Settings
c) IAM group policies
d) CloudTrail
17. Which is a sign of a public bucket in AWS?
a) The bucket has an ACL with “Everyone” as a grantee.
b) The bucket resides in a public region.
c) The bucket has encryption enabled.
d) The bucket is only accessible via CloudFront.
18. How can you restrict access to a specific IP address for an S3 bucket?
a) Use a VPC endpoint
b) Configure an S3 bucket policy
c) Create a Lambda function
d) Enable cross-origin resource sharing
19. When would you make an S3 bucket public intentionally?
a) For storing sensitive company data
b) For hosting a static website
c) To perform real-time analytics
d) To back up EC2 instances
20. What happens when both bucket policies and block public access are applied?
a) Block public access overrides bucket policies.
b) Bucket policies override block public access settings.
c) They both apply equally.
d) None of the above.

QNo | Answer |
---|---|
1 | b) To define access permissions for a bucket |
2 | c) JSON |
3 | b) A single S3 bucket and its objects |
4 | a) IAM users and roles |
5 | b) Whether the action is allowed or denied |
6 | b) They provide temporary security credentials |
7 | b) Long-term access for human users |
8 | a) They simplify assigning permissions to multiple users |
9 | c) IAM |
10 | b) Access is denied with an error message |
11 | b) Bucket policies allow more fine-grained control than ACLs |
12 | b) As a list of grants defining permissions for entities |
13 | c) Manage lifecycle policies |
14 | b) An entity granted specific permissions |
15 | b) Predefined groups like “Authenticated Users” |
16 | b) Block Public Access Settings |
17 | a) The bucket has an ACL with “Everyone” as a grantee. |
18 | b) Configure an S3 bucket policy |
19 | b) For hosting a static website |
20 | a) Block public access overrides bucket policies. |