Topic 1 Question 321
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set.
Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private.
Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true.
Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
ユーザの投票
コメント(9)
- 正解だと思う選択肢: D👍 5bdp1232023/02/17
- 正解だと思う選択肢: D
To ensure that all objects uploaded to an Amazon S3 bucket are encrypted, the solutions architect should update the bucket policy to deny any PutObject requests that do not have an x-amz-server-side-encryption header set. This will prevent any objects from being uploaded to the bucket unless they are encrypted using server-side encryption.
👍 3LuckyAro2023/02/21 To encrypt an object at the time of upload, you need to add a header called x-amz-server-side-encryption to the request to tell S3 to encrypt the object using SSE-C, SSE-S3, or SSE-KMS. The following code example shows a Put request using SSE-S3. https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/
👍 3kruasan2023/04/29
シャッフルモード