BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 9 Question 8 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 8
Topic #: 9
[All SCS-C02 Questions]

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: B

https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data/


by Jose at Nov 21, 2023, 11:38 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Janet
7 months ago
Option C is interesting, but it's a bit more complex. It uses the 'aws:SecureTransport' condition for all actions, which is good, but it also has an additional 'aws:referer' condition. I'm not sure if that's necessary for this specific requirement.
upvoted 0 times
...
Karon
7 months ago
I'm not sure about Option B. It seems to only deny the 'GetObject' and 'PutObject' actions, but what about other operations like 'DeleteObject' or 'ListBucket'? We need a more comprehensive policy.
upvoted 0 times
...
Adaline
7 months ago
Option A looks promising. It denies all requests that don't have the 'aws:SecureTransport' condition set to 'true'. This should effectively enforce the encryption requirement.
upvoted 0 times
Giuseppe
6 months ago
Sounds like a plan, implementing either of those policies should keep our data secure in transit.
upvoted 0 times
...
Cordelia
7 months ago
Let's go with either Option A or Option C to meet the company's encryption guideline for the S3 bucket.
upvoted 0 times
...
Latonia
7 months ago
I agree, either of those options should help ensure all data in transit is encrypted.
upvoted 0 times
...
Patti
7 months ago
Option A and Option C both sound like good choices for enforcing encryption in the S3 bucket policy.
upvoted 0 times
...
Francesco
7 months ago
True, Option C also seems to meet the encryption requirement by denying non-encrypted requests.
upvoted 0 times
...
Earleen
7 months ago
But what about Option C? It explicitly denies any requests without the 's3:x-amz-server-side-encryption' condition.
upvoted 0 times
...
Angelo
7 months ago
I think Option A is the way to go. It enforces encryption for all requests.
upvoted 0 times
...
...
Stephen
7 months ago
Wow, this question is pretty straightforward. The company's guideline is clear - all S3 bucket data must be encrypted in transit, and the policy needs to deny any operations if the data is not encrypted. Let's take a closer look at the options.
upvoted 0 times
...

Save Cancel