For the question "You have created a new S3 bucket and you would like to configure read and write access to this bucket, only for users who are members of the Development, Test and QA teams. Each team has a different IAM Group defined in AWS. Which of the following is the simplest way to configure this?" I think the answer "Use a bucket policy to allow read and write access to the Development, Test and QA IAM groups" is technically incorrect because one cannot reference IAM groups as a Principal in a Bucket Policy (?). See https://forums.aws.amazon.com/message.jspa?messageID=356160 and https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
Thanks, I’ll check that question and see if we can re-word it! Thanks for commenting!