Amazon Exam SOA-C02 Topic 3 Question 12 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 12
Topic #: 3

An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted.

These objects must be encrypted, and all future objects must be encrypted at the time they are written.

Which combination of actions should a SysOps administrator take to meet these requirements? (Choose two.)

ACreate an AWS Config rule that runs evaluations against configuration changes to the S3 bucket. When an
unencrypted object is found, run an AWS Systems Manager Automation document to encrypt the object in
place.

BEdit the properties of the S3 bucket to enable default server-side encryption.

CFilter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Create an S3
Batch Operations job to copy each object in place with encryption enabled.

DFilter the S3 Inventory report by using S3 Select to find all objects that are not encrypted. Send each object
name as a message to an Amazon Simple Queue Service (Amazon SQS) queue. Use the SQS queue to
invoke an AWS Lambda function to tag each object with a key of 'Encryption' and a value of 'SSE-KMS'.

EUse S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3
bucket. Configure the Lambda function to check whether the object is encrypted and to run an AWS
Systems Manager Automation document to encrypt the object in place when an unencrypted object is
found.

Show Suggested Answer

Suggested Answer: B, E

by Alishia at May 07, 2022, 12:17 PM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!