ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 705 discussion

Exam question from Amazon's AWS-SysOps
Question #: 705
Topic #: 1
[All AWS-SysOps Questions]

An organization stores sensitive customer in S3 buckets protected by bucket policies. Recently, there have been reports that unauthorized entities within the company have been trying to access the data on those S3 buckets. The Chief Information Security Officer (CISO) would like to know which buckets are being targeted and determine who is responsible for trying to access that information.
Which steps should a SysOps Administrator take to meet the CISO's requirement? (Choose two.)

  • A. Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.
  • B. Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.
  • C. Use Amazon Athena to query S3 Analytics report for HTTP 403 errors, and determine the IAM user or role making the requests.
  • D. Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.
  • E. Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by jxhyxxclyp at Sept. 4, 2019, 11:05 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mukeshs
Highly Voted 1 year, 2 months ago
It should be B and D. S3 Analytics provides the access patterns or objects in different buckets and is not exposed.
upvoted 9 times
...
saumenP
Highly Voted 1 year, 2 months ago
BD seems to be logical
upvoted 8 times
...
antthomas
Most Recent 9 months, 1 week ago
Selected Answer: BD
s3 analytics can not be used since this features is for storage class access pattern for cost savings. HTTP Error 403 is access denied, so it will show who is denied to access the bucket.
upvoted 1 times
...
TroyMcLure
1 year, 1 month ago
Correct Answer: B & D
upvoted 1 times
...
alexsandroe
1 year, 1 month ago
BD are correct
upvoted 1 times
...
RicardoD
1 year, 2 months ago
B | D are the answers
upvoted 1 times
...
CL
1 year, 2 months ago
BD Reference:https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
upvoted 1 times
...
sen12
1 year, 2 months ago
B&D makes more sense and more logical.
upvoted 1 times
...
karmaah
1 year, 2 months ago
I too agree B and D after little research. Note: s3 analytics can not be used since this features is for storage class access pattern for cost savings. Ans B and D having proper relations.
upvoted 4 times
...
Moon
1 year, 2 months ago
B& D: HTTP Error 403 is access denied, so it will show who is denied to access the bucket.
upvoted 5 times
...
jxhyxxclyp
1 year, 3 months ago
why not bd????
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel