Exam AWS Certified Security - Specialty topic 1 question 36 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 36
Topic #: 1

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
✑ Encryption in transit
✑ Encryption at rest
✑ Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)

  • A. Specify "aws:SecureTransport": "true" within a condition in the S3 bucket policy.
  • B. Enable a security group for the S3 bucket that allows port 443, but not port 80.
  • C. Set up default encryption for the S3 bucket.
  • D. Enable Amazon CloudWatch Logs for the AWS account.
  • E. Enable API logging of data events for all S3 objects.
  • F. Enable S3 object versioning for the S3 bucket.
Suggested Answer: ACE
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/log-s3-data-events.html

Comments

sensor
Highly Voted 3 years, 2 months ago
Encryption in transit -> Specify "aws:SecureTransport": "true" within a condition in the S3 bucket policy. Encryption at rest -> Set up default encryption for the S3 bucket. Logging of all object retrievals in AWS CloudTrail -> Enable API logging of data events for all S3 objects. A, C, E
upvoted 49 times
TerrenceC
2 years ago
On the point of encryption in transit, we could refer to the following post, which clearly explains how to do it: https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/
upvoted 2 times
...
...
Kamran
Highly Voted 3 years, 2 months ago
ACE is the correct answer.
upvoted 20 times
...
mamila
Most Recent 1 year, 3 months ago
I ACEd this question!
upvoted 1 times
...
janvandermerwer
2 years, 1 month ago
Selected Answer: ACE
S3 doesn't need 443 open to the world. CloudWatch also isn't needed.
upvoted 1 times
...
sapien45
2 years, 3 months ago
Selected Answer: ACE
Encryption in transit -> Specify "aws:SecureTransport": "true" within a condition in the S3 bucket policy. Encryption at rest -> Set up default encryption for the S3 bucket. Logging of all object retrievals in AWS CloudTrail -> Enable API logging of data events for all S3 objects. A, C, E
upvoted 1 times
...
hk436
3 years, 1 month ago
ACE is my answer!
upvoted 2 times
...
sanjaym
3 years, 1 month ago
Ans: ACE 100%
upvoted 1 times
...
NANDY666
3 years, 1 month ago
ACE Correct Answer
upvoted 2 times
...
ssala
3 years, 1 month ago
Correct Answers : A, C , E
upvoted 1 times
...
devjava
3 years, 1 month ago
Ans > A,C,E
upvoted 1 times
...
mahtab
3 years, 1 month ago
Should be A,C&E
upvoted 1 times
...
rip72
3 years, 1 month ago
B, D & F are all incorrect. B: Security groups cannot be applied to a bucket & there are other protocols apart from http/https, SFTP for example. D is CloudWatch; it is CloudTrail we want to use. F: Versioning is not a requirement. This leaves A for encryption in transit, C for at-rest encryption & E to log data events in CloudTrail.
upvoted 2 times
...
AfricanCloudGuru
3 years, 1 month ago
Ans (A,C & E)
upvoted 2 times
...
deegadaze1
3 years, 1 month ago
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html When CloudTrail logging is turned on, CloudTrail captures API calls in your account and delivers the log files to the Amazon S3 bucket that you specify.
upvoted 1 times
...
avinasht
3 years, 1 month ago
ACE is correct.
upvoted 2 times
...
gfhbox0083
3 years, 1 month ago
A, C, E, for sure.
upvoted 2 times
...
awssecuritynewbie
3 years, 1 month ago
A,C & E for sure
upvoted 1 times
awssecuritynewbie
3 years, 1 month ago
The option "Enable Amazon CloudWatch Logs for the AWS account." does not make sense, as CloudWatch logs do not contain S3 buckets only and we are talking about S3 bucket logs.
upvoted 1 times
...
...
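An added example, not part of the original discussion and not AWS's own code: a Python check of the three settings behind answers A, C and E, run over constructed dictionaries shaped like the S3 `GetBucketPolicy`, `GetBucketEncryption` and CloudTrail `GetEventSelectors` responses. The bucket name and all function names are assumptions, and the sample policy uses the Deny-when-`aws:SecureTransport`-is-`false` form of the condition named in option A.

```python
BUCKET = "example-bucket"  # constructed bucket name (assumption)

def as_list(v):
    return v if isinstance(v, list) else [v]

def denies_plaintext(policy, bucket):
    """A: a Deny on s3:* for everyone when aws:SecureTransport is false."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in policy.get("Statement", []):
        flag = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if (st.get("Effect") == "Deny"
                and st.get("Principal") in ("*", {"AWS": "*"})
                and "s3:*" in as_list(st.get("Action", []))
                and wanted <= set(as_list(st.get("Resource", [])))
                and [str(f).lower() for f in as_list(flag)] == ["false"]):
            return True
    return False

def encrypts_by_default(encryption):
    """C: a default-encryption rule using SSE-S3 or SSE-KMS."""
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               in ("AES256", "aws:kms") for r in rules)

def logs_object_reads(selectors, bucket):
    """E: an S3 data-event selector that covers reads (GetObject) on this bucket."""
    scopes = {"arn:aws:s3", f"arn:aws:s3:::{bucket}/"}  # all buckets, or this one
    for sel in selectors.get("EventSelectors", []):
        if sel.get("ReadWriteType") not in ("All", "ReadOnly"):
            continue  # WriteOnly would miss object retrievals
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object" and scopes & set(res.get("Values", [])):
                return True
    return False

def audit(policy, encryption, selectors, bucket=BUCKET):
    return {"in_transit": denies_plaintext(policy, bucket),
            "at_rest": encrypts_by_default(encryption),
            "read_logging": logs_object_reads(selectors, bucket)}

# Constructed sample configuration, not taken from a real account.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
def sample_selectors(read_write_type):
    return {"EventSelectors": [{"ReadWriteType": read_write_type, "DataResources": [
        {"Type": "AWS::S3::Object", "Values": [f"arn:aws:s3:::{BUCKET}/"]}]}]}
```

A trail whose selector is `WriteOnly` passes a casual "data events are on" check but still fails the retrieval-logging requirement, which is why `logs_object_reads` tests `ReadWriteType` explicitly.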