A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)
A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
C.- not required now.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket in Amazon S3. Starting January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted.
E.-
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
The following example policy requires every object that is written to the bucket to be encrypted with server-side
encryption using AWS Key Management Service (AWS KMS) keys (SSE-KMS). If the object isn't encrypted with SSE-KMS, the
request will be denied.
{
    "Version": "2012-10-17",
    "Id": "PutObjPolicy",
    "Statement": [{
        "Sid": "DenyObjectsThatAreNotSSEKMS",
        "Principal": "*",
        "Effect": "Deny",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
        "Condition": {
            "Null": {
                "s3:x-amz-server-side-encryption-aws-kms-key-id": "true"
            }
        }
    }]
}
DAAJ, 1 year ago
TroyMcLure, 2 years, 8 months ago
binhdt2611, 2 years, 8 months ago
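An added example, not part of the original comments or of the AWS documentation: a simplified local model of how the Deny statement in the bucket policy quoted above treats different PutObject requests, focusing on the semantics of the Null condition operator. The request header sets, the object name and the KMS key ARN are constructed placeholders, and the mapping of request headers to `s3:` condition keys is an assumption of this model.

```python
from fnmatch import fnmatchcase

# The Deny statement from the policy quoted above (bucket name is the docs placeholder).
STATEMENT = {
    "Sid": "DenyObjectsThatAreNotSSEKMS",
    "Effect": "Deny",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
    "Condition": {"Null": {"s3:x-amz-server-side-encryption-aws-kms-key-id": "true"}},
}

def null_matches(block, context):
    """IAM Null operator: "true" matches an absent key, "false" a present one."""
    return all((key not in context) == (want.lower() == "true")
               for key, want in block.items())

def denied_by(stmt, action, resource, headers):
    """Simplified model (Principal ignored, only Null supported): True if stmt denies."""
    # Assumption: request header x-amz-foo surfaces as condition key s3:x-amz-foo.
    context = {"s3:" + name.lower(): value for name, value in headers.items()}
    if stmt["Effect"] != "Deny" or not fnmatchcase(action, stmt["Action"]):
        return False
    if not fnmatchcase(resource, stmt["Resource"]):
        return False
    cond = stmt.get("Condition", {})
    if set(cond) - {"Null"}:
        raise NotImplementedError("only the Null operator is modelled")
    return null_matches(cond.get("Null", {}), context)

OBJECT = "arn:aws:s3:::DOC-EXAMPLE-BUCKET/report.csv"               # constructed
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # constructed

# Constructed sample PutObject requests, reduced to their encryption headers.
REQUESTS = {
    "no encryption headers": {},
    "SSE-S3 header": {"x-amz-server-side-encryption": "AES256"},
    "SSE-KMS without key id": {"x-amz-server-side-encryption": "aws:kms"},
    "SSE-KMS with key id": {"x-amz-server-side-encryption": "aws:kms",
                            "x-amz-server-side-encryption-aws-kms-key-id": KEY_ARN},
}

def evaluate_all():
    """Map each sample request name to True if the statement denies it."""
    return {name: denied_by(STATEMENT, "s3:PutObject", OBJECT, hdrs)
            for name, hdrs in REQUESTS.items()}

if __name__ == "__main__":
    for name, denied in evaluate_all().items():
        print(f"{name:24} -> {'DENY' if denied else 'not denied by this statement'}")
```

In this model only the request that names a KMS key passes the statement; a request that asks for SSE-KMS without a key id is denied along with the unencrypted and SSE-S3 ones, because the condition tests for the key-id key rather than for the encryption type.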