Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C02 Topic 9 Question 8 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 8
Topic #: 9
[All SCS-C02 Questions]

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

A.

B.

C.

D.

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Janet
8 months ago
Option C is interesting, but it's a bit more complex. It uses the 'aws:SecureTransport' condition for all actions, which is good, but it also has an additional 'aws:referer' condition. I'm not sure if that's necessary for this specific requirement.
upvoted 0 times
...
Karon
8 months ago
I'm not sure about Option B. It seems to only deny the 'GetObject' and 'PutObject' actions, but what about other operations like 'DeleteObject' or 'ListBucket'? We need a more comprehensive policy.
upvoted 0 times
...
Adaline
8 months ago
Option A looks promising. It denies all requests that don't have the 'aws:SecureTransport' condition set to 'true'. This should effectively enforce the encryption requirement.
upvoted 0 times
Giuseppe
7 months ago
Sounds like a plan, implementing either of those policies should keep our data secure in transit.
upvoted 0 times
...
Cordelia
7 months ago
Let's go with either Option A or Option C to meet the company's encryption guideline for the S3 bucket.
upvoted 0 times
...
Latonia
8 months ago
I agree, either of those options should help ensure all data in transit is encrypted.
upvoted 0 times
...
Patti
8 months ago
Option A and Option C both sound like good choices for enforcing encryption in the S3 bucket policy.
upvoted 0 times
...
Francesco
8 months ago
True, Option C also seems to meet the encryption requirement by denying non-encrypted requests.
upvoted 0 times
...
Earleen
8 months ago
But what about Option C? It explicitly denies any requests without the 's3:x-amz-server-side-encryption' condition.
upvoted 0 times
...
Angelo
8 months ago
I think Option A is the way to go. It enforces encryption for all requests.
upvoted 0 times
...
...
Stephen
8 months ago
Wow, this question is pretty straightforward. The company's guideline is clear - all S3 bucket data must be encrypted in transit, and the policy needs to deny any operations if the data is not encrypted. Let's take a closer look at the options.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77