Topic 1 Question 119
A company has AWS accounts that are in an organization in AWS Organizations. An Amazon S3 bucket in one of the accounts is publicly accessible.
A security engineer must change the configuration so that the S3 bucket is no longer publicly accessible. The security engineer also must ensure that the S3 bucket cannot be made publicly accessible in the future.
Which solution will meet these requirements?
A. Configure the S3 bucket to use an AWS Key Management Service (AWS KMS) key. Encrypt all objects in the S3 bucket by creating a bucket policy that enforces encryption. Configure an SCP to deny the s3:GetObject action for the OU that contains the AWS account.
B. Enable the PublicAccessBlock configuration on the S3 bucket. Configure an SCP to deny the s3:GetObject action for the OU that contains the AWS account.
C. Enable the PublicAccessBlock configuration on the S3 bucket. Configure an SCP to deny the s3:PutPublicAccessBlock action for the OU that contains the AWS account.
D. Configure the S3 bucket to use S3 Object Lock in governance mode. Configure an SCP to deny the s3:PutPublicAccessBlock action for the OU that contains the AWS account.
Comments (6)
- Option believed to be correct: C
Enable PublicAccessBlock Configuration: https://aws.amazon.com/s3/features/block-public-access/?nc1=h_ls
Configure an SCP (Service Control Policy): An SCP is a policy that you can attach to an AWS Organization, organizational unit (OU), or an account. It acts as a guardrail to control permissions across accounts. In your case, you want to deny the s3:PutPublicAccessBlock action for the OU containing your AWS account. Go to the AWS Organizations console. Navigate to the OU that contains your account. Create a new SCP or edit an existing one. Add a statement that denies the s3:PutPublicAccessBlock action for the relevant S3 buckets. Attach the SCP to the OU. Ensure that your AWS account is part of the OU.
👍 2 aescudero51 2024/05/22 C Enable the PublicAccessBlock & use SCP to deny the s3:PutPublicAccessBlock action
👍 1 Zek 2024/05/13 why not B?
👍 1 sema2232 2024/06/12
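The SCP described in option C and in the comments above, written out as an added example that is not part of the original question or of any commenter's post. It assumes the IAM action names s3:PutBucketPublicAccessBlock and s3:PutAccountPublicAccessBlock, which are the permissions that authorize the PutPublicAccessBlock API call at bucket and account level; the Sid is a constructed label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyChangesToS3BlockPublicAccess",
      "Effect": "Deny",
      "Action": [
        "s3:PutBucketPublicAccessBlock",
        "s3:PutAccountPublicAccessBlock"
      ],
      "Resource": "*"
    }
  ]
}
```

Attach the policy to the OU only after Block Public Access has been enabled on the bucket, because the same deny also blocks the call that turns the setting on. SCPs do not apply to the organization's management account, so a bucket there is not covered by this guardrail.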