ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 205 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 205
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest. A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront.

Which combination of steps will meet the encryption requirements? (Choose three.)

  • A. Turn on S3 server-side encryption for the S3 bucket that the web application uses.
  • B. Add a policy attribute of "aws:SecureTransport": "true" for read and write operations in the S3 ACLs.
  • C. Create a bucket policy that denies any unencrypted operations in the S3 bucket that the web application uses.
  • D. Configure encryption at rest on CloudFront by using server-side encryption with AWS KMS keys (SSE-KMS).
  • E. Configure redirection of HTTP requests to HTTPS requests in CloudFront.
  • F. Use the RequireSSL option in the creation of presigned URLs for the S3 bucket that the web application uses.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
by Roontha at May 26, 2023, 2:04 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SkyZeroZx
Highly Voted 1 year, 11 months ago
Selected Answer: ACE
Answer : ACE A) SSE S3 sounds good encript in rest data B) sounds good until say in ACLs is incorrect C) Bucket Policy avoid upload unencrypted is correct sounds good D) CloudFront with KMS ? why ? not seems E) HTTP redirect to HTTPS sounds good is clasic this case F) why ? not seems in this case
upvoted 19 times
...
Just_Ninja
Highly Voted 1 year, 11 months ago
Selected Answer: ACE
ACE. But A is deprecated :) because since the 05.01.2023 S3 use automatical atRest encryption for new objekts.
upvoted 6 times
dankositzke
1 year, 4 months ago
Right I would go with CEF for 2024 onwards
upvoted 2 times
...
...
khchan123
Most Recent 1 year, 3 months ago
Selected Answer: BCE
BCE You need B to enforce encryption in transit with S3. Other options cannot do that.
upvoted 1 times
helloworldabc
10 months, 1 week ago
just ACE
upvoted 1 times
...
...
Dgix
1 year, 3 months ago
Selected Answer: ACE
This question was obviously formulated before S3 buckets were encrypted by default.
upvoted 1 times
...
duriselvan
1 year, 6 months ago
A. Turn on S3 server-side encryption for the S3 bucket that the web application uses. D. Configure encryption at rest on CloudFront by using server-side encryption with AWS KMS keys (SSE-KMS). E. Configure redirection of HTTP requests to HTTPS requests in CloudFront. Here's why these steps are necessary: A. S3 server-side encryption: This encrypts data in the S3 bucket at rest, ensuring data confidentiality even if someone gains unauthorized access to the bucket. D. CloudFront SSE-KMS: This encrypts data in transit between CloudFront and the client, ensuring data confidentiality when users upload and download files. E. HTTP to HTTPS redirect: This ensures all communication between the client and CloudFront occurs over HTTPS, encrypting data in transit and preventing eavesdropping.
upvoted 2 times
...
career360guru
1 year, 7 months ago
Selected Answer: ACE
Options A, C , E
upvoted 1 times
...
task_7
1 year, 9 months ago
Selected Answer: ADE
A. Turn on S3 server-side encryption for the S3 bucket that the web application uses. D. Configure encryption at rest on CloudFront by using server-side encryption with AWS KMS keys (SSE-KMS). E. Configure redirection of HTTP requests to HTTPS requests in CloudFront. Data at rest encrypted for Both S3 and Cloudfront E for data in transit
upvoted 1 times
...
Simon523
1 year, 10 months ago
Selected Answer: ACE
How to Prevent Uploads of Unencrypted Objects to Amazon S3 https://aws.amazon.com/tw/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
upvoted 2 times
...
RotterDam
1 year, 10 months ago
ACE but why not F?
upvoted 1 times
chikorita
1 year, 9 months ago
question nowhere mentions the use of pre-signed URLs if it was used in this scenario then it could potentially be one of the right answers
upvoted 3 times
kgpoj
10 months, 3 weeks ago
When you have pre-signed urls, you don't even necessarily need cloudFront
upvoted 1 times
...
...
...
Christina666
1 year, 11 months ago
Selected Answer: ACE
we don't have a "encrytion at rest" for cloudfront in the console
upvoted 1 times
...
NikkyDicky
1 year, 11 months ago
Selected Answer: ACE
A and C are a bit redundant. I'd pick D instead of C, but for ACL reference
upvoted 1 times
...
easytoo
2 years ago
a-d-e a-d-e a-d-e
upvoted 2 times
...
chathur
2 years ago
Selected Answer: ACE
Source: https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule B is wrong as "aws:SecureTransport": "true" does not deny 'http' traffic
upvoted 1 times
...
consultornetwork
2 years ago
Why not B?
upvoted 2 times
Jesuisleon
2 years ago
you should add "aws:SecureTransport": "true" in the S3 bucket policy not S3 ACL. see https://stackoverflow.com/questions/47815526/s3-bucket-policy-vs-access-control-list and " We recommend allowing only encrypted connections over HTTPS (TLS) by using the aws:SecureTransport condition in your Amazon S3 bucket policies" from https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html
upvoted 6 times
...
BabaP
2 years ago
Because C does just that
upvoted 1 times
...
chathur
2 years ago
https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule it is not enough
upvoted 1 times
...
...
andreitugui
2 years ago
Selected Answer: ACE
I will go with ACE
upvoted 2 times
...
Roontha
2 years, 1 month ago
Answer : ACE
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel