Topic 1 Question 400
2 つ選択A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS Key Management Service (AWS KMS) keys, which can be rotated on demand.
Which combination of steps will meet these requirements?
Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.
Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key.
Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.
Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.
Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: CD
To achieve the requirements of ensuring encryption in transit and at rest for the S3 bucket with AWS KMS keys, the most suitable steps are:
D: Enforce HTTPS connections to ensure encryption in transit. C: Configure encryption with AWS KMS for encryption at rest.
👍 4rdiaz2024/07/12 C. Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3. D. Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.
👍 2komorebi2024/07/12
シャッフルモード