Topic 1 Question 265
A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).
A security engineer must prevent any modifications to the data in the S3 bucket.
Which solution will meet this requirement?
Configure S3 bucket policies to deny DELETE and PUT object permissions.
Configure S3 Object Lock in compliance mode with S3 bucket versioning enabled.
Change the encryption on the S3 bucket to use AWS Key Management Service (AWS KMS) customer managed keys.
Configure the S3 bucket with multi-factor authentication (MFA) delete protection.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: B
S3 Object Lock in compliance mode ensures that the objects cannot be deleted or overwritten for a fixed amount of time or indefinitely, providing a strong safeguard against accidental or malicious changes. Enabling versioning adds an additional layer of protection by keeping multiple versions of an object, which can be useful for recovery purposes.
👍 1Pmktechno2024/12/29
シャッフルモード