Exam AWS Certified Developer Associate topic 1 question 198 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 198
Topic #: 1

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.

How can the developer enforce that all requests to retrieve the data provide encryption in transit?

  • A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition "aws:SecureTransport": "false".
  • B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition "aws:SecureTransport": "false".
  • C. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of "aws:SecureTransport": "false".
  • D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of "aws:SecureTransport": "false".
Suggested Answer: A
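
An added example, not part of the original question or discussion: a small Python check that tells whether a bucket policy document contains the deny-on-`"aws:SecureTransport": "false"` statement described in option A. The bucket name and the two sample policies are constructed for illustration, and the matcher is a simplification that ignores `NotAction`, `NotPrincipal` and `Resource` scoping.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies; the bucket name is a placeholder, not from the page.
BUCKET_ARN = "arn:aws:s3:::example-sensitive-bucket"

def make_policy(effect, action):
    """Build a one-statement bucket policy keyed on aws:SecureTransport = false."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": action,
        "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }]}

OPTION_A = make_policy("Deny", "s3:*")           # option A: blocks plain-HTTP requests
OPTION_B = make_policy("Allow", "s3:GetObject")  # option B: grants access over plain HTTP

def as_list(value):
    return value if isinstance(value, list) else [value]

def denies_insecure_transport(policy, action="s3:GetObject"):
    """True if some Deny statement for every principal covers `action`
    whenever the request was not sent over TLS."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue  # an Allow never blocks anything; an explicit Deny always wins
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # must apply to all callers, including the other accounts
        patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
        if not any(fnmatchcase(action.lower(), p) for p in patterns):
            continue  # statement does not cover the action being checked
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        values = [str(v).lower() for v in as_list(bool_cond.get("aws:SecureTransport", []))]
        if values == ["false"]:
            return True
    return False

if __name__ == "__main__":
    for name, pol in (("A", OPTION_A), ("B", OPTION_B)):
        print(name, denies_insecure_transport(pol))
```

Because the statement lives on the bucket and names every principal, it applies no matter which account or role sends the request.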

Comments

rcaliandro
2 years ago
Selected Answer: A
I will go with A as well. Even if we have specific users, we have to establish a policy on the S3 bucket to deny all the requests that have "aws:SecureTransport":"false".
upvoted 1 times
...
RajinderKaur
2 years, 3 months ago
Answer is C. https://repost.aws/knowledge-center/cross-account-access-s3 (Cross-account IAM roles for programmatic and console access to S3 bucket objects)
upvoted 1 times
...
MMaquis
2 years, 4 months ago
Selected Answer: A
A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition "aws:SecureTransport": "false". This option is the correct solution to enforce that all requests to retrieve the data provide encryption in transit. By defining a resource-based policy on the S3 bucket, you can specify the "aws:SecureTransport" condition to deny access to any request that does not use encryption in transit. This ensures that all requests to retrieve the data are encrypted in transit, which is a requirement for the sensitive data stored in the S3 bucket. Option C is also incorrect because it only applies to the other accounts' roles, and not to all requests to retrieve the data.
upvoted 1 times
...
pancman
2 years, 4 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Rups79
2 years, 4 months ago
Selected Answer: C
Question says "other AWS accounts"
upvoted 1 times
pancman
2 years, 4 months ago
Doesn't matter. C doesn't provide the expected solution
upvoted 1 times
...
...
ShriniW
2 years, 4 months ago
Selected Answer: A
A is the right one. Why is C highlighted? It's wrong.
upvoted 1 times
...
michaldavid
2 years, 7 months ago
Selected Answer: A
aaaaaaaaa
upvoted 2 times
...
k1kavi1
2 years, 7 months ago
Selected Answer: A
https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/
upvoted 2 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other