Amazon Exam SCS-C02 Topic 9 Question 8 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 8
Topic #: 9

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

AOption A

BOption B

COption C

DOption D

Show Suggested Answer

Suggested Answer: B

https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data/

by Jose at Nov 21, 2023, 11:38 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Janet

2 days ago

Option C is interesting, but it's a bit more complex. It uses the 'aws:SecureTransport' condition for all actions, which is good, but it also has an additional 'aws:referer' condition. I'm not sure if that's necessary for this specific requirement.

upvoted 0 times

...

Karon

3 days ago

I'm not sure about Option B. It seems to only deny the 'GetObject' and 'PutObject' actions, but what about other operations like 'DeleteObject' or 'ListBucket'? We need a more comprehensive policy.

upvoted 0 times

...

Adaline

4 days ago

Option A looks promising. It denies all requests that don't have the 'aws:SecureTransport' condition set to 'true'. This should effectively enforce the encryption requirement.

upvoted 0 times

...

Stephen

5 days ago

Wow, this question is pretty straightforward. The company's guideline is clear - all S3 bucket data must be encrypted in transit, and the policy needs to deny any operations if the data is not encrypted. Let's take a closer look at the options.

upvoted 0 times

...