ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 533 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 533
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private.
Which solution will meet these requirements?

  • A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public.
  • B. Use AWS Trusted Advisor to find publicly accessible S3 buckets. Configure email notifications in Trusted Advisor when a change is detected. Manually change the S3 bucket policy if it allows public access.
  • C. Use AWS Resource Access Manager to find publicly accessible S3 buckets. Use Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function when a change is detected. Deploy a Lambda function that programmatically remediates the change.
  • D. Use the S3 Block Public Access feature on the account level. Use AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting. Apply the SCP to the account.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by KSM265 at Dec. 12, 2021, 6:47 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LETSGETIT
Highly Voted 3 years, 5 months ago
Answer is D ladies and gentlemen. While guard duty helps to monitor s3 for potential threats its a reactive action. We should always be proactive and not reactive in our solutions so D, block public access to avoid any possibility of the info becoming publicly accessible
upvoted 28 times
...
Siddhartham
Highly Voted 3 years, 5 months ago
Selected Answer: D
https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
upvoted 10 times
...
SanjiDiableJambe
Most Recent 2 years, 9 months ago
Selected Answer: D
100000000000000000000000000000%
upvoted 1 times
...
queen101
2 years, 10 months ago
DDDDDDDDDDDDDDDDDDD
upvoted 1 times
...
marklovesaws143
2 years, 10 months ago
Selected Answer: D
DDDDDDDDDDDDDDD
upvoted 1 times
...
Dimkaaa
2 years, 10 months ago
Selected Answer: D
The key phrase in this question is "must remain private". Only D fits.
upvoted 1 times
...
slcheng
2 years, 10 months ago
Selected Answer: D
Vote for D
upvoted 1 times
...
monazir
2 years, 11 months ago
Selected Answer: D
golden work public access
upvoted 1 times
...
naveenagurjara
2 years, 11 months ago
All S3 items in the AWS account as a whole must remain private. this is the crux. so its enough if we just NOT make it public and protect anyone from changing this setting. So.. D
upvoted 1 times
...
slcheng
2 years, 11 months ago
Selected Answer: D
Vote for D
upvoted 1 times
...
rsi610
3 years ago
The question does not talk of multiple AWS accounts. which is what D is talking of ( AWS Organization and SCP ). Hence D should not be the answer
upvoted 1 times
...
sailarg
3 years, 1 month ago
Selected Answer: D
I choose D
upvoted 1 times
...
12345aws
3 years, 2 months ago
Answer is D
upvoted 1 times
...
saifeddine92
3 years, 3 months ago
Selected Answer: D
answer is D
upvoted 1 times
...
Parth9
3 years, 4 months ago
Answer is D
upvoted 2 times
...
HazimSalim
3 years, 4 months ago
Answer is D
upvoted 1 times
...
envest
3 years, 4 months ago
IMO: A is correct, although S3 sec. config monitoring normally via CT or config. For pot. buckets made publicly accessible, Guard Duty monitors it specifically. Also, AWS recommends to engage S3 Guard duty: https://docs.aws.amazon.com/guardduty/latest/ug/s3_detection.html.
upvoted 1 times
adsdadasdad
3 years, 4 months ago
this guys is SPAMMING, mods please ban or remove
upvoted 3 times
user0001
3 years, 2 months ago
i agree , i've seen him/her doing the same for different questions
upvoted 1 times
...
...
adsdadasdad
3 years, 4 months ago
ANSWER IS D
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel