New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 9 Question 8 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 8
Topic #: 9
[All SCS-C02 Questions]

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: B

https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data/


by Jose at Nov 21, 2023, 11:38 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Karan
2 months ago
Not sure about that, Option A seems more straightforward.
upvoted 0 times
...
Chauncey
2 months ago
I think Option D is the best choice here!
upvoted 0 times
...
Maia
2 months ago
Option B looks solid for enforcing encryption.
upvoted 0 times
...
Belen
3 months ago
Definitely need to prioritize encryption in transit!
upvoted 0 times
...
Sherman
3 months ago
Wait, does this really cover all S3 operations?
upvoted 0 times
...
Mammie
3 months ago
This is a good test of my understanding of S3 bucket policies. I'll methodically go through each option and evaluate how well it aligns with the stated guideline.
upvoted 0 times
...
Elin
3 months ago
I'm a little confused by the wording of the question. Let me re-read it carefully and make sure I understand the exact requirement before selecting an answer.
upvoted 0 times
...
Linwood
4 months ago
Okay, I've got this. The key is to look for the policy that explicitly denies any S3 operations if the data is not encrypted in transit. I think I know the right answer.
upvoted 0 times
...
Ty
4 months ago
Hmm, I'm a bit unsure about this one. The policy options seem similar, so I'll need to really analyze the details to figure out which one meets the encryption requirement.
upvoted 0 times
...
Janae
4 months ago
This looks like a straightforward S3 bucket policy question. I'll carefully review the policy options and think through the requirements to determine the best solution.
upvoted 0 times
...
Adell
4 months ago
I remember something about using conditions in bucket policies, so maybe Option A could be the answer, but I need to double-check that.
upvoted 0 times
...
Bernardo
4 months ago
I feel like Option D might be the right choice since it mentions encryption in transit, but I’m a bit confused about the syntax.
upvoted 0 times
...
Verda
5 months ago
I think it was Option B that we practiced in a similar question about enforcing encryption, but I can't recall the exact details.
upvoted 0 times
...
Jerilyn
5 months ago
I remember we discussed S3 bucket policies in class, but I'm not entirely sure which option specifically denies unencrypted operations.
upvoted 0 times
...
Naomi
5 months ago
Hmm, this one seems a bit tricky. I'll need to carefully read through the options and think about the support policies for these templates.
upvoted 0 times
...
Nikita
5 months ago
I'm a bit confused by this one. The question mentions connectivity issues, but the answer choices don't seem to directly address that. I'll need to think this through more carefully.
upvoted 0 times
...
Mitzie
5 months ago
I recall us discussing how the full domain includes both the subdomain and the main domain. Could it be ".CIWcertified"?
upvoted 0 times
...
Janet
2 years ago
Option C is interesting, but it's a bit more complex. It uses the 'aws:SecureTransport' condition for all actions, which is good, but it also has an additional 'aws:referer' condition. I'm not sure if that's necessary for this specific requirement.
upvoted 0 times
...
Karon
2 years ago
I'm not sure about Option B. It seems to only deny the 'GetObject' and 'PutObject' actions, but what about other operations like 'DeleteObject' or 'ListBucket'? We need a more comprehensive policy.
upvoted 0 times
...
Adaline
2 years ago
Option A looks promising. It denies all requests that don't have the 'aws:SecureTransport' condition set to 'true'. This should effectively enforce the encryption requirement.
upvoted 0 times
Giuseppe
2 years ago
Sounds like a plan, implementing either of those policies should keep our data secure in transit.
upvoted 0 times
...
Cordelia
2 years ago
Let's go with either Option A or Option C to meet the company's encryption guideline for the S3 bucket.
upvoted 0 times
...
Latonia
2 years ago
I agree, either of those options should help ensure all data in transit is encrypted.
upvoted 0 times
...
Patti
2 years ago
Option A and Option C both sound like good choices for enforcing encryption in the S3 bucket policy.
upvoted 0 times
...
Francesco
2 years ago
True, Option C also seems to meet the encryption requirement by denying non-encrypted requests.
upvoted 0 times
...
Earleen
2 years ago
But what about Option C? It explicitly denies any requests without the 's3:x-amz-server-side-encryption' condition.
upvoted 0 times
...
Angelo
2 years ago
I think Option A is the way to go. It enforces encryption for all requests.
upvoted 0 times
...
...
Stephen
2 years ago
Wow, this question is pretty straightforward. The company's guideline is clear - all S3 bucket data must be encrypted in transit, and the policy needs to deny any operations if the data is not encrypted. Let's take a closer look at the options.
upvoted 0 times
...

Save Cancel