
Exam AWS Certified Solutions Architect - Professional topic 1 question 990 discussion

A company has an Amazon S3 bucket that contains millions of unencrypted objects. To comply with a recent security audit, a solutions architect needs to ensure that all objects are encrypted and needs to compile a list of objects that contain sensitive data. Many applications access objects in the S3 bucket, and the development team has limited resources.

Which solution will meet these requirements with the LEAST development effort?

  • A. Run an Amazon Inspector report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
  • B. Run an Amazon Macie report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
  • C. Run an Amazon Inspector report against the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an Amazon S3 Inventory report and Amazon S3 Batch Operations to encrypt the existing unencrypted objects in the same S3 bucket.
  • D. Run an Amazon Macie report on the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an S3 Inventory report and S3 Batch Operations to encrypt the existing unencrypted objects in the same S3 bucket.
Suggested Answer: D
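
The inventory-to-Batch-Operations step in option D, as an added example that is not part of the original question or any commenter's post: it filters S3 Inventory rows on the optional `EncryptionStatus` field and writes the `bucket,key` manifest a Batch Operations copy job reads. The bucket name, keys, sample rows and the `build_manifest` helper are constructed for illustration.

```python
import csv
import io
from urllib.parse import unquote

# CopyObject, which a Batch Operations copy issues per object, handles at most 5 GB.
MAX_COPY_BYTES = 5 * 1024**3

# Constructed sample: the fileSchema string from an inventory manifest.json and
# matching inventory CSV rows (no header row, fields quoted, keys URL-encoded).
FILE_SCHEMA = "Bucket, Key, Size, LastModifiedDate, EncryptionStatus"
INVENTORY_CSV = '''\
"example-bucket","reports/2021/q1.csv","1048576","2021-04-01T10:00:00.000Z","NOT-SSE"
"example-bucket","reports/2021/q2.csv","2097152","2021-07-01T10:00:00.000Z","SSE-S3"
"example-bucket","exports/customer%20list.json","512","2020-01-15T08:30:00.000Z","NOT-SSE"
"example-bucket","backups/full.tar","6442450944","2019-11-02T03:00:00.000Z","NOT-SSE"
"example-bucket","keys/app.pem","1700","2022-02-02T12:00:00.000Z","SSE-KMS"
'''

def build_manifest(schema, inventory_csv, max_bytes=MAX_COPY_BYTES):
    """Return (manifest_text, oversized_keys) for objects reported as NOT-SSE."""
    columns = [c.strip() for c in schema.split(",")]
    missing = {"Bucket", "Key", "Size", "EncryptionStatus"} - set(columns)
    if missing:
        # EncryptionStatus is an optional inventory field; without it nothing can be filtered.
        raise ValueError(f"inventory lacks required fields: {sorted(missing)}")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    oversized = []
    for row in csv.reader(io.StringIO(inventory_csv)):
        rec = dict(zip(columns, row))
        if rec["EncryptionStatus"] != "NOT-SSE":
            continue  # already encrypted at rest
        if int(rec["Size"] or 0) > max_bytes:
            oversized.append(unquote(rec["Key"]))  # too large for a single copy
            continue
        # The manifest takes the key URL-encoded, exactly as the inventory emits it.
        writer.writerow([rec["Bucket"], rec["Key"]])
    return out.getvalue(), oversized

if __name__ == "__main__":
    manifest, too_big = build_manifest(FILE_SCHEMA, INVENTORY_CSV)
    print(manifest, end="")
    print("handle separately:", too_big)
```

Objects returned in the second list exceed the single-copy size limit and have to be re-encrypted by another route, such as a multipart copy.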

Comments

Ebi
1 year, 4 months ago
D is correct. B and D both make sense, but the key is "development team has limited resources", B needs updating application to point to new bucket.
upvoted 1 times
...
3a632a3
1 year, 5 months ago
Selected Answer: D
"Many applications access objects in the S3 bucket, and the development team has limited resources." - every app would need to be updated for B. Even if the bucket name is a config value, there are still IAM permissions, and every app would need to be tested to ensure it is working properly.
upvoted 1 times
...
Pr44
1 year, 9 months ago
Selected Answer: D
D is better to reduce complexity. Why would we go with a new bucket if we can solve the issue using the existing bucket itself?
upvoted 2 times
...
ggrodskiy
1 year, 12 months ago
Correct D.
upvoted 3 times
...
SkyZeroZx
1 year, 12 months ago
Selected Answer: D
Think while B works, the answer should be D as using Batch operations is the "new" AWS recommended approach for this use case.
upvoted 2 times
...
dev112233xx
2 years, 2 months ago
Selected Answer: B
B is correct
upvoted 1 times
vn_thanhtung
1 year, 10 months ago
Besides, you also have to set up S3 accordingly
upvoted 1 times
...
vn_thanhtung
1 year, 10 months ago
https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#:~:text=You%20can%20use,of%20your%20bucket. With B you require development effort to change code? Once again, are you a dev?
upvoted 1 times
...
...
hobokabobo
2 years, 3 months ago
Selected Answer: D
Think while B works, the answer should be D as using Batch operations is the "new" AWS recommended approach for this use case.
upvoted 3 times
...
Watascript
2 years, 3 months ago
Selected Answer: D
D is correct. "LEAST development effort"
upvoted 1 times
...
andras
2 years, 4 months ago
Selected Answer: D
no need for a new bucket I think https://spin.atomicobject.com/2020/09/15/aws-s3-encrypt-existing-objects/ https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
upvoted 1 times
...
Kende
2 years, 6 months ago
Selected Answer: B
"B" is the one.
upvoted 2 times
...
due
2 years, 6 months ago
Selected Answer: B
list of objects that contain sensitive data = Macie, ensure that all objects are encrypted = Move to new S3 default encryption enabled.
upvoted 4 times
MikelH93
2 years, 1 month ago
False: to ensure all objects are encrypted, you can turn on encryption in the bucket and use S3 Batch to copy all unencrypted objects in the same bucket. https://aws.amazon.com/fr/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/ "The easiest way to encrypt this set of objects is by using the put copy operation and specifying the same destination prefix as the objects listed in the manifest."
upvoted 1 times
Jesuisleon
2 years, 1 month ago
B and D are both feasible but I think D is better based on "the development team has limited resources".
upvoted 2 times
...
...
...
ggrodskiy
2 years, 7 months ago
Correct B. Amazon Macie generates findings when it detects potential policy violations or issues with the security or privacy of your Amazon Simple Storage Service (Amazon S3) buckets, or it discovers sensitive data in S3 objects. A finding is a detailed report of a potential issue or sensitive data that Macie found. Each finding provides a severity rating, information about the affected resource, and additional details, such as when and how Macie found the issue or data. Macie stores your policy and sensitive data findings for 90 days.
upvoted 2 times
...