To protect against ransomware attacks, enabling server-side encryption (option B) is more relevant. It ensures that the data stored in the bucket is encrypted at rest, making it difficult for attackers to gain access to sensitive information even if they manage to infiltrate the system. Additionally, implementing strong access controls, monitoring for unusual activity, and regularly backing up data are other important measures to protect against ransomware attacks.
change to C
Enabling Amazon S3 versioning allows you to preserve, retrieve, and restore every version of every object in your bucket. If malicious activity, such as ransomware, were to occur, enabling versioning can help you recover the previous versions of your objects and restore them to their original state before the attack. This is a valuable feature for data protection and recovery in case of accidental or malicious data modifications.
C is WRONG!!! --- The answer is D.
Versioning is a means of keeping multiple variants of an object IN THE SAME bucket.
Replication actually transports your data into another bucket in another region, even into another AWS account.
C seems a good option here. Bucket versioning (although removing the delete marker is possible, it will add more calls), and/or turning on Object Lock. Using CloudTrail we can get details on object PUT, GET, and DELETE actions. In addition, turn on GuardDuty for S3 protection.
Correct Answer: C
https://docs.aws.amazon.com/wellarchitected/latest/financial-services-industry-lens/use-amazon-s3-object-lock.html
"In conjunction with S3 Versioning, which protects objects from being overwritten, you’re able to ensure that objects remain immutable for as long as S3 Object Lock protection is applied. "
Answer: C
Reason: When versioning is enabled for a bucket, each new operation on the object inside the bucket creates a new version for it. Even encrypting an existing object will create a new version of it while the previous version would be un-encrypted and un-modified. This defeats ransomware infections as each time the object is encrypted, a new encrypted copy of the object is created while the previous one is preserved.
Number one defense against Ransomware is "BACKUP" and "BACKUP". The interest of the intruder is not to read your data but to deny you access. They could still encrypt encrypted data.
Ans is C - With Versioning
B. Even if someone accesses the file, it will be encrypted and they cannot use it to ransom.
I don't think C is correct. What if the latest version is totally different from the last version?
I don't think B is correct. Encryption just prevents attackers from making sense of your data but won't prevent them from encrypting the encrypted data.
For me it is between A and C.
C looks like a better option to me. Since we can have multiple versions of objects, they can be protected and also easily recovered if we need to.
C should be correct: if you have versioning enabled and you remove all files, or someone encrypts the files, you still have the old version in the bucket. You are not able to remove the bucket from the CLI or list the versioned files. To see or remove the files you have to log in to the S3 bucket via the console. I just saw this on Udemy in an example. If you want to be doubly sure, enabling MFA will prevent deletion of versioned files from the AWS console.
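The recovery that the versioning comments above rely on, as an added example that is not part of any comment: given a listing in the shape S3's ListObjectVersions returns (`Versions` and `DeleteMarkers` entries with `Key`, `VersionId`, `LastModified`), it works out which version of each object predates the incident and which later versions or delete markers would have to be removed to make it current again. The function name `plan_rollback`, the helper `march`, the object keys, version IDs and timestamps are all constructed for illustration.

```python
from datetime import datetime, timezone

def plan_rollback(listing, attack_start):
    """Plan a per-key rollback from a ListObjectVersions-style response.

    Returns (plan, no_clean_version). plan maps key -> the newest pre-attack
    version id (None if the object was already deleted at that point) and the
    versions/delete markers written during the incident window.
    """
    by_key = {}
    for kind in ("Versions", "DeleteMarkers"):
        for e in listing.get(kind, []):
            by_key.setdefault(e["Key"], []).append(
                (e["LastModified"], kind, e["VersionId"]))
    plan, no_clean_version = {}, []
    for key, items in by_key.items():
        items.sort(reverse=True)                      # newest first
        suspect = [vid for ts, _, vid in items if ts >= attack_start]
        clean = [i for i in items if i[0] < attack_start]
        if not suspect:
            continue                                  # untouched in the window
        if not clean:
            no_clean_version.append(key)              # first written during the window
            continue
        _, kind, vid = clean[0]
        plan[key] = {"restore_to": vid if kind == "Versions" else None,
                     "remove": suspect}
    return plan, sorted(no_clean_version)

def march(day, hour=0):
    return datetime(2024, 3, day, hour, tzinfo=timezone.utc)

# Constructed sample listing (not real bucket data).
SAMPLE = {
    "Versions": [
        {"Key": "report.docx", "VersionId": "v1-report", "LastModified": march(1)},
        {"Key": "report.docx", "VersionId": "v2-report", "LastModified": march(10, 2)},
        {"Key": "db.bak", "VersionId": "v1-db", "LastModified": march(2)},
        {"Key": "notes.txt", "VersionId": "v1-notes", "LastModified": march(5)},
        {"Key": "READ_ME.txt", "VersionId": "v1-note", "LastModified": march(10, 3)},
    ],
    "DeleteMarkers": [
        {"Key": "db.bak", "VersionId": "dm-db", "LastModified": march(10, 2)},
    ],
}

if __name__ == "__main__":
    plan, orphans = plan_rollback(SAMPLE, attack_start=march(10))
    for key, step in plan.items():
        print(key, "->", step)
    print("no pre-attack version:", orphans)
```

The plan is only as good as the surviving history: it assumes the pre-incident versions are still in the bucket, which is the property the Object Lock and MFA suggestions in the comments are meant to protect.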