Exam AWS Certified Solutions Architect - Professional topic 1 question 997 discussion

A company is using many Amazon S3 buckets to hold confidential data. Some of the S3 buckets are not encrypted. The company wants to use AWS Key Management Service (AWS KMS) customer managed keys to encrypt the S3 buckets. The company wants a solution that will detect any S3 buckets that are not encrypted and apply AWS KMS encryption to each noncompliant S3 bucket.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Configure the s3-default-encryption-kms AWS Config managed rule with manual remediation to check for AWS KMS encryption on the S3 buckets. Modify the properties of the noncompliant S3 buckets to turn on AWS KMS encryption.
  • B. Configure a custom AWS Config rule with manual remediation to check for AWS KMS encryption on the S3 buckets. Modify the properties of the noncompliant buckets to turn on AWS KMS encryption.
  • C. Configure the s3-default-encryption-kms AWS Config managed rule. Create an automatic remediation script for the rule that will turn on AWS KMS encryption for any noncompliant buckets.
  • D. Configure a custom AWS Config rule to check for AWS KMS encryption on the S3 buckets. Create an automatic remediation script for the rule that will turn on AWS KMS encryption for any noncompliant buckets.
Suggested Answer: C

Comments

Ebi
1 year, 4 months ago
C is the one
upvoted 1 times
SkyZeroZx
2 years ago
Selected Answer: C
https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html
upvoted 2 times
TajSidKazi
2 years, 3 months ago
C By configuring the s3-default-encryption-kms AWS Config managed rule, the solution can detect any S3 buckets that are not encrypted with AWS KMS encryption. The company can create an automatic remediation script for the rule that will turn on AWS KMS encryption for any noncompliant buckets, eliminating the need for manual remediation. This solution is easy to manage and update, as changes can be made to the remediation script and applied to all noncompliant buckets with minimal effort. Option C is therefore the best solution to meet the requirements with the least operational overhead.
upvoted 2 times
ggrodskiy
2 years, 7 months ago
Correct C. https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html
upvoted 4 times
ggrodskiy
2 years, 6 months ago
https://asecure.cloud/a/cfgrule_s3-default-encryption-kms/ https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html
upvoted 2 times
ggrodskiy
2 years, 7 months ago
D or B
upvoted 2 times
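
The detect-then-remediate flow in option C, sketched as an added example that is not part of the original thread and is not AWS's implementation of the managed rule. It assumes the dictionary shape returned by S3 GetBucketEncryption; the function names, bucket names and key ARN are constructed placeholders, and key matching is an exact string comparison.

```python
# Added example: detect buckets lacking customer-managed-key encryption and
# plan the fix. All names and the key ARN below are constructed placeholders.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"


def evaluate_bucket(encryption_config, allowed_key_arns=None):
    """Classify one bucket from its GetBucketEncryption result.

    encryption_config is the ServerSideEncryptionConfiguration dict, or None
    when the bucket has no default encryption. allowed_key_arns, if given,
    restricts which keys count (exact string match, a simplification).
    """
    rules = (encryption_config or {}).get("Rules", [])
    if not rules:
        return "NON_COMPLIANT"
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if default.get("SSEAlgorithm") != "aws:kms":
            return "NON_COMPLIANT"  # SSE-S3 (AES256) is not KMS encryption
        if allowed_key_arns and default.get("KMSMasterKeyID") not in allowed_key_arns:
            return "NON_COMPLIANT"  # KMS, but not the required customer managed key
    return "COMPLIANT"


def remediation_request(bucket, key_arn):
    """Build the arguments for boto3's s3.put_bucket_encryption (not called here)."""
    default = {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": key_arn}
    rule = {"ApplyServerSideEncryptionByDefault": default, "BucketKeyEnabled": True}
    return {"Bucket": bucket, "ServerSideEncryptionConfiguration": {"Rules": [rule]}}


def plan_remediation(inventory, key_arn):
    """Return one remediation request per noncompliant bucket, sorted by name."""
    return [remediation_request(name, key_arn)
            for name, cfg in sorted(inventory.items())
            if evaluate_bucket(cfg, {key_arn}) == "NON_COMPLIANT"]


def sample_config(algorithm, key=None):
    """Build a constructed default-encryption configuration for the sample data."""
    default = {"SSEAlgorithm": algorithm}
    if key:
        default["KMSMasterKeyID"] = key
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": default}]}


# Constructed inventory: bucket name -> current default-encryption configuration.
SAMPLE = {"reports": None, "logs": sample_config("AES256"),
          "legacy": sample_config("aws:kms"),            # AWS managed key, no key ID set
          "finance": sample_config("aws:kms", CMK_ARN)}  # already on the customer managed key

if __name__ == "__main__":
    for request in plan_remediation(SAMPLE, CMK_ARN):
        print("would call put_bucket_encryption for", request["Bucket"])
```

The `legacy` bucket shows why restricting the accepted keys matters when the requirement is customer managed keys: it passes a plain "is it KMS?" check but still uses the AWS managed key.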