Topic 1 Question 89
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution. What should a solutions architect do to secure the audit documents?
A. Enable the versioning and MFA Delete features on the S3 bucket.
B. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.
C. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.
D. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.
Comments (10)
- Selected answer: A
Same as Question #44
👍 10123jhl0 2022/10/18
- Selected answer: A
The solution architect should do Option A: Enable the versioning and MFA Delete features on the S3 bucket.
This will secure the audit documents by providing an additional layer of protection against accidental deletion. With versioning enabled, any deleted or overwritten objects in the S3 bucket will be preserved as previous versions, allowing the company to recover them if needed. With MFA Delete enabled, any delete request made to the S3 bucket will require the use of an MFA code, which provides an additional layer of security.
👍 2 Buruguduystunstugudunstuy 2022/12/27
- What about: IAM policies are used to specify permissions for AWS resources, and they can be used to allow or deny specific actions on those resources.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDeleteObject",
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": [
        "arn:aws:s3:::my-bucket/my-object",
        "arn:aws:s3:::my-bucket"
      ]
    }
  ]
}
```
👍 2 karbob 2023/01/09
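
The behaviour behind option A, as an added example that is not part of the original thread and is not AWS SDK code: a simplified in-memory model in which a plain delete only adds a delete marker, while permanently removing a specific version requires MFA. The `VersionedBucket` class, its methods, the object key and the boolean `mfa_ok` (standing in for a validated MFA code) are all hypothetical.

```python
# Simplified in-memory model of S3 versioning + MFA Delete semantics.
# Not AWS SDK code; class and method names are hypothetical.
import itertools

class MfaRequired(Exception):
    """Raised when an operation needs a valid MFA code and none was given."""

class VersionedBucket:
    def __init__(self, mfa_delete=True):
        self.mfa_delete = mfa_delete
        self.versions = {}            # key -> list of (version_id, body or None)
        self._ids = itertools.count(1)

    def _check_mfa(self, mfa_ok):
        if self.mfa_delete and not mfa_ok:
            raise MfaRequired("MFA code required")

    def put(self, key, body):
        vid = f"v{next(self._ids)}"
        self.versions.setdefault(key, []).append((vid, body))
        return vid

    def get(self, key):
        """Return the current version's body, or None if it is a delete marker."""
        stack = self.versions.get(key)
        return stack[-1][1] if stack else None

    def delete(self, key, version_id=None, mfa_ok=False):
        if version_id is None:
            # Simple delete: nothing is destroyed, a delete marker becomes current.
            return self.put(key, None)
        # Version-specific delete is permanent, so MFA Delete gates it.
        self._check_mfa(mfa_ok)
        self.versions[key] = [v for v in self.versions[key] if v[0] != version_id]
        return version_id

def demo():
    b = VersionedBucket()
    v1 = b.put("audit/2022-q3.pdf", b"constructed sample bytes")
    marker = b.delete("audit/2022-q3.pdf")            # accidental delete
    hidden = b.get("audit/2022-q3.pdf")               # None: marker is current
    try:
        b.delete("audit/2022-q3.pdf", version_id=v1)  # permanent, no MFA
        blocked = False
    except MfaRequired:
        blocked = True
    # Recovery: removing the delete marker is itself a version-specific delete.
    b.delete("audit/2022-q3.pdf", version_id=marker, mfa_ok=True)
    return hidden, blocked, b.get("audit/2022-q3.pdf")
```
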