Amazon SAP-C02 Exam - Topic 10 Question 5 Discussion

Actual exam question for Amazon's SAP-C02 exam

Question #: 5
Topic #: 10

A health insurance company stores personally identifiable information (PII) in an Amazon S3 bucket. The company uses server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the objects. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company's security team manages. The S3 bucket does not have versioning enabled.

Which solution will meet these requirements?

AIn the S3 bucket properties, change the default encryption to SSE-S3 with a customer managed key. Use the AWS CLI to re-upload all objects in the S3 bucket. Set an S3 bucket policy to deny unencrypted PutObject requests.

BIn the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Set an S3 bucket policy to deny unencrypted PutObject requests. Use the AWS CLI to re-upload all objects in the S3 bucket.

CIn the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Set an S3 bucket policy to automatically encrypt objects on GetObject and PutObject requests.

DIn the S3 bucket properties, change the default encryption to AES-256 with a customer managed key. Attach a policy to deny unencrypted PutObject requests to any entities that access the S3 bucket. Use the AWS CLI to re-upload all objects in the S3 bucket.

Show Suggested Answer

Suggested Answer: D

by Lucina at Dec 28, 2022, 02:25 AM

Limited Time Offer

25%

5 months ago

Okay, let's see. The question is asking for the EXCEPTION, so I need to find the pricing method that is not mentioned in the other options. Negotiation, financial statements, and outside appraisal are all covered. I'll go with D, ambiguity as to the valuation date.

upvoted 0 times

...