Exam AWS Certified Developer Associate topic 1 question 310 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 310
Topic #: 1

An application stores financial statements in an Amazon S3 bucket. A recent security audit found that the bucket does not comply with company standards. Currently, several IAM policies allow encrypted calls and unencrypted calls to the bucket. The company needs to create a bucket policy that forces all requests to the bucket to use encrypted connections.

Which solution will meet this requirement?

  • A. Add a bucket policy with a condition of "aws:SecureTransport": "true" and an effect of "Allow."
  • B. Add a bucket policy with a resource of "arn:aws:s3:::https/bucketname" and an effect of "Allow."
  • C. Add a bucket policy with a condition of "aws:SecureTransport": "false" and an effect of "Deny."
  • D. Add a bucket policy with a resource of "arn:aws:s3:::http/bucketname" and an effect of "Deny."
Suggested Answer: C

Comments

a15ce96
1 year, 3 months ago
Selected Answer: C
C because explicit denies are the strictest ones.
upvoted 1 times
...
AWSdeveloper08
1 year, 11 months ago
Selected Answer: C
As per AWS "Instead of using an explicit deny statement, the policy allows access to requests that meet the condition "aws:SecureTransport": "true". This statement allows anonymous access to s3:GetObject for all objects in the bucket if the request uses HTTPS. Avoid this type of bucket policy unless your use case requires anonymous access through HTTPS"
upvoted 1 times
...
rcaliandro
2 years ago
Selected Answer: C
I was going for A, but I took a look at C as well because they seem really similar, but they aren't. It is suggested to add a deny statement with the condition "aws:SecureTransport": "false". From Amazon: ""aws:SecureTransport": "true". This statement allows anonymous access to s3:GetObject for all objects in the bucket if the request uses HTTPS. Avoid this type of bucket policy unless your use case requires anonymous access through HTTPS." Hence C is the correct one. Source: https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
upvoted 1 times
...
davdan99
2 years, 4 months ago
Selected Answer: A
I think it is A. Option A suggests adding a bucket policy with a condition of "aws:SecureTransport": "true" and an effect of "Allow." This policy ensures that all requests to the bucket are made over secure connections (HTTPS) by checking the "aws:SecureTransport" condition. If the condition is true, the effect of "Allow" is applied, and the request is allowed. If the condition is false, the effect of "Deny" is applied, and the request is denied. Option C suggests adding a bucket policy with a condition of "aws:SecureTransport": "false" and an effect of "Deny." This policy denies requests that are not made over secure connections, which is the opposite of what the company wants to achieve.
upvoted 1 times
...
k1kavi1
2 years, 7 months ago
Selected Answer: C
Agreed
upvoted 3 times
...
michaldavid
2 years, 7 months ago
Selected Answer: C
Correct
upvoted 1 times
...
DrCloud
2 years, 7 months ago
Ans: C https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/
upvoted 2 times
...
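
The difference between options A and C, as an added example that is not part of the original discussion or AWS code: a simplified same-account policy evaluator (explicit Deny beats Allow, otherwise implicit deny) run against the two bucket policies. The bucket name, object key, and the permissive IAM policy standing in for the scenario's existing policies are constructed assumptions, and principals are not modeled.

```python
import fnmatch

BUCKET = "arn:aws:s3:::example-bucket"  # constructed placeholder bucket ARN

# Stand-in for the scenario's existing IAM policies: allows calls on any transport.
IAM_POLICY = [{"Effect": "Allow", "Action": "s3:*", "Resource": f"{BUCKET}/*"}]

def transport_statement(effect, secure_value):
    """Bucket policy statement keyed on the aws:SecureTransport condition."""
    return {
        "Effect": effect,
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [BUCKET, f"{BUCKET}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": secure_value}},
    }

OPTION_A = [transport_statement("Allow", "true")]   # answer A
OPTION_C = [transport_statement("Deny", "false")]   # answer C

def matches(stmt, action, resource, context):
    """True when the statement applies to this request."""
    resources = stmt["Resource"]
    if isinstance(resources, str):
        resources = [resources]
    if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
        return False
    if not fnmatch.fnmatchcase(action, stmt["Action"]):
        return False
    bool_conditions = stmt.get("Condition", {}).get("Bool", {})
    return all(context.get(k) == v for k, v in bool_conditions.items())

def decide(policies, action, resource, https):
    """Simplified evaluation: explicit Deny > Allow > implicit deny."""
    context = {"aws:SecureTransport": "true" if https else "false"}
    effects = {s["Effect"] for p in policies for s in p
               if matches(s, action, resource, context)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def compare():
    """Decision per option and transport, with the IAM policy still attached."""
    obj = f"{BUCKET}/statement.pdf"  # constructed object key
    return {name: {scheme: decide([IAM_POLICY, bucket_policy], "s3:GetObject",
                                  obj, scheme == "https")
                   for scheme in ("http", "https")}
            for name, bucket_policy in (("A", OPTION_A), ("C", OPTION_C))}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With option A the HTTP request is still allowed by the IAM policy, and an HTTPS request with no IAM policy at all is allowed by the bucket policy itself, which is the anonymous-access case the quoted AWS guidance warns about.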