ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 234 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 234
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

  • A. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
  • B. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
  • C. Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
  • D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by jy00271070 at Nov. 2, 2020, 9:37 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
anpt
Highly Voted 3 years, 7 months ago
DDDDDDDDDDDDD
upvoted 24 times
...
jy00271070
Highly Voted 3 years, 8 months ago
D is ok: https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/#:~:text=Solution%20overview,console%2C%20CLI%2C%20or%20SDK.&text=To%20encrypt%20an%20object%20at,S3%2C%20or%20SSE%2DKMS.
upvoted 19 times
...
NSA_Poker
Most Recent 11 months, 4 weeks ago
Selected Answer: D
Deprecated question from SAA-C02 bc: Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket in Amazon S3. Starting January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance. https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html You are not required to make any changes to your existing applications. Because default encryption is enabled for all of your buckets, all new objects uploaded to Amazon S3 are automatically encrypted. https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html
upvoted 1 times
...
BECAUSE
1 year, 11 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
alexsanteeno
2 years, 4 months ago
Selected Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
upvoted 1 times
...
nickname20212021
3 years, 6 months ago
Passed the exam on 26th June, this question was on my test.
upvoted 9 times
...
Maddy_aws2020
3 years, 6 months ago
Passed the exam on 19th June 2021. This question appeared in my exam. Marking it for future help
upvoted 10 times
...
syu31svc
3 years, 6 months ago
D; purely based on "x-amz-server-side-encryption" in accordance to the qn on encryption
upvoted 7 times
...
KK_uniq
3 years, 6 months ago
D for sure "server-side-encryption"
upvoted 2 times
...
Yogi
3 years, 6 months ago
Ans=D. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
upvoted 2 times
...
Atanu_M
3 years, 6 months ago
Ans. D - https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
upvoted 4 times
...
Atanu_M
3 years, 7 months ago
AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). AWS Client VPN enables you to securely connect users to AWS or on-premises networks. The Answer is D here , as it is talking about connecting two environments.
upvoted 1 times
Atanu_M
3 years, 6 months ago
Ignore this comment this is for the next question.
upvoted 2 times
...
...
y2kmarkham
3 years, 7 months ago
D should be
upvoted 1 times
...
massyg
3 years, 7 months ago
It's D
upvoted 1 times
...
Sanjeevlsg
3 years, 7 months ago
D. https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
upvoted 4 times
aguy9
3 years, 7 months ago
Yep it clearly states D is correct in this link
upvoted 1 times
...
...
bangamut
3 years, 7 months ago
D is correct.
upvoted 1 times
...
sctmp
3 years, 8 months ago
It's D.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago