Exam AWS Certified Security - Specialty topic 1 question 430 discussion

Exam question from Amazon's AWS Certified Security - Specialty

Question #: 430
Topic #: 1

[All AWS Certified Security - Specialty Questions]

A company that builds document management systems recently performed a security review of its application on AWS. The review showed that uploads of documents through signed URLs into Amazon S3 could occur in the application without encryption in transit. A security engineer must implement a solution that prevents uploads that are not encrypted in transit.

Which solution will meet this requirement?

A. Ensure that all client implementations are using HTTPS to upload documents into the application.
B. Configure the s3-bucket-ssl-requests-only managed rule in AWS Config.
C. Add an S3 bucket policy that denies all S3 actions for condition “aws:secureTransport”: “false”.
D. Add an S3 bucket ACL with a grantee of AllUsers, a permission of WRITE, and a condition of secureTransport.

Show Suggested Answer

Suggested Answer: C 🗳️

by luisfsm_111 at Nov. 23, 2022, 12:51 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

AdamWest

Highly Voted 2 years, 6 months ago

Selected Answer: C

C - the following bucket policy complies with the rule. The policy explicitly denies all actions on the bucket and objects when the request meets the condition "aws:SecureTransport": "false": "Effect": "Deny", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET", "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*" ], "Condition": { "Bool": { "aws:SecureTransport": "false" You might want to pick B but do not - B will check for compliancy only not enforcement. C is enforcement.

upvoted 5 times