Which of the following meet these security requirements?

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
▪ Encryption in transit
▪ Encryption at rest
▪ Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)
A. Specify “aws:SecureTransport”: “true” within a condition in the S3 bucket policy.
B. Enable a security group for the S3 bucket that allows port 443, but not port 80.
C. Set up default encryption for the S3 bucket.
D. Enable Amazon CloudWatch Logs for the AWS account.
E. Enable API logging of data events for all S3 objects.
F. Enable S3 object versioning for the S3 bucket.
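
An added example, not part of the original question: a small offline checker that tests the three stated requirements against configuration documents. The bucket name, sample policy, encryption rule and CloudTrail event selector are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample documents in the JSON shapes of a bucket policy, a default
# encryption configuration and CloudTrail event selectors (not from the page).
BUCKET = "example-bucket"  # placeholder bucket name
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
  "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}""")
ENCRYPTION = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
SELECTORS = [{"ReadWriteType": "All", "DataResources": [
    {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::example-bucket/"]}]}]

def as_list(value):
    return value if isinstance(value, list) else [value]

def tls_condition(policy):
    """Classify how the bucket policy uses aws:SecureTransport, or return None."""
    for st in as_list(policy.get("Statement", [])):
        flag = str(st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")).lower()
        if st.get("Effect") == "Deny" and flag == "false":
            return "deny-insecure"  # requests made without TLS are rejected
        if st.get("Effect") == "Allow" and flag == "true":
            return "allow-secure"   # this statement's grant applies only to TLS requests
    return None

def encrypted_at_rest(enc):
    """True if default encryption names a server-side encryption algorithm."""
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in enc.get("Rules", [])}
    return bool(algos & {"AES256", "aws:kms", "aws:kms:dsse"})

def logs_retrievals(selectors, bucket):
    """True if a selector records read data events for every object in the bucket."""
    covers = {"arn:aws:s3", "arn:aws:s3:::", f"arn:aws:s3:::{bucket}/"}
    for sel in selectors:
        if sel.get("ReadWriteType", "All") not in ("All", "ReadOnly"):
            continue  # a WriteOnly selector does not record GetObject
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object" and covers & set(res.get("Values", [])):
                return True
    return False

def audit(policy, enc, selectors, bucket):
    return {"encryption_in_transit": tls_condition(policy) is not None,
            "encryption_at_rest": encrypted_at_rest(enc),
            "object_retrievals_logged": logs_retrievals(selectors, bucket)}

if __name__ == "__main__":
    print(audit(POLICY, ENCRYPTION, SELECTORS, BUCKET))
```
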


2 thoughts on “Which of the following meet these security requirements?”

  1. ACE is the correct choice. A ensures Secure Transport. You are right about that. CloudTrail needs to be enabled (which means API logging needs to be enabled). Default encryption ensures AWS Managed keys are used for encryption.

  2. Versioning will not support any requirements of the aforementioned.
    A. Specify “aws:SecureTransport”: “true” within a condition in the S3 bucket policy.
    A does guarantee that all the data stored on S3 or retrieved from S3 is actually coming from HTTPS or a secure transport. Hence the correct answer is ACD.
