ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 37 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 37
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A company is building a solution for storing files containing Personally Identifiable Information (PII) on AWS.
Requirements state:
✑ All data must be encrypted at rest and in transit.
✑ All data must be replicated in at least two locations that are at least 500 miles (805 kilometers) apart.
Which solution meets these requirements?

  • A. Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3 SSE-C on all objects uploaded to the bucket. Configure cross- region replication between the two buckets.
  • B. Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Configure cross-region replication between the two buckets.
  • C. Create primary and secondary Amazon S3 buckets in two separate AWS Regions that are at least 500 miles (805 kilometers) apart. Use an IAM role to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce Amazon S3-Managed Keys (SSE-S3) on all objects uploaded to the bucket. Configure cross-region replication between the two buckets.
  • D. Create primary and secondary Amazon S3 buckets in two separate Availability Zones that are at least 500 miles (805 kilometers) apart. Use a bucket policy to enforce access to the buckets only through HTTPS. Use a bucket policy to enforce AWS KMS encryption on all objects uploaded to the bucket. Configure cross-region replication between the two buckets. Create a KMS Customer Master Key (CMK) in the primary region for encrypting objects.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by lmimi at Sept. 20, 2022, 4:41 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Piccaso
2 years, 3 months ago
Selected Answer: B
A and D are excluded because we need two regions. The difference between B and C is to use "IAM role" or "bucket policy" to enforce access only through HTTPS. Bucket policy is responsible for this type of jobs. Reference: https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
upvoted 3 times
...
Bulti
2 years, 3 months ago
B us the right answer.
upvoted 1 times
...
saeidp
2 years, 4 months ago
B is correct
upvoted 1 times
...
DonWang
2 years, 5 months ago
Selected Answer: B
I choose B
upvoted 1 times
...
animalrj
2 years, 7 months ago
Selected Answer: B
As its in another region and has encryption and replication.
upvoted 1 times
...
Goozian
2 years, 7 months ago
Selected Answer: B
B https://www.examtopics.com/discussions/amazon/view/2753-exam-aws-devops-engineer-professional-topic-1-question-69/
upvoted 2 times
...
Goozian
2 years, 7 months ago
Selected Answer: B
Cross "Region" replication -
upvoted 2 times
...
lmimi
2 years, 7 months ago
B for sure
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago