Topic 1 Question 274
A company has an application that generates reports and stores them in an Amazon S3 bucket. When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication. The company has suspended the generation of new reports until the problem is resolved.
Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?
A. Create an AWS Lambda function that applies a deny all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
B. Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.
C. Run a script that puts a private ACL on all of the objects in the bucket.
D. Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.
Comments (13)
- Selected answer: D
D - Block Public Access feature in Amazon S3 to set the IgnorePublicAcls
👍 2 PhuocT 2023/06/24
- Selected answer: D
Amazon S3 Block Public Access provides settings for access points, buckets, and accounts to help you manage public access to Amazon S3 resources. By default, new buckets, access points, and objects don't allow public access, but users or applications can modify bucket policies or object permissions to allow public access. S3 Block Public Access settings override these public access settings. You can use S3 Block Public Access to block existing public access, whether specified by an ACL or a policy, and to ensure that public access isn't granted to newly created items. Using signed URLs to grant temporary access to the S3 objects is a secure way to share files. It allows the company to continue using their current workflow without affecting its users while also maintaining the privacy and security of the files in the bucket.
👍 2 gd1 2023/06/24
Correct D. Uses the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket. This would immediately block public access to the files in the S3 bucket without affecting the application's normal workflow. The application can still generate signed URLs to allow users to download their reports. The IgnorePublicAcls setting ignores any public ACLs on objects in this bucket and any objects that are added to this bucket in the future.
👍 2 ggrodskiy 2023/07/22
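
The remediation the comments settle on, as an added example that is not part of the original question or comments: a boto3 script that turns on IgnorePublicAcls while keeping the bucket's other Block Public Access flags, because PutPublicAccessBlock replaces the whole configuration, and then lists objects whose ACL still grants AllUsers. The function names are hypothetical and the bucket name is taken from the command line.

```python
# Added example (not from the original page). Function names are hypothetical.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"


def current_block_config(s3, bucket):
    """Return the bucket's four Block Public Access flags (all False if unset)."""
    try:
        resp = s3.get_public_access_block(Bucket=bucket)
    except Exception as exc:  # botocore ClientError carries a .response dict
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchPublicAccessBlockConfiguration":
            raise
        return dict.fromkeys(FLAGS, False)
    cfg = resp["PublicAccessBlockConfiguration"]
    return {flag: bool(cfg.get(flag, False)) for flag in FLAGS}


def ignore_public_acls(s3, bucket):
    """Set IgnorePublicAcls=True, preserve the other flags, verify the result."""
    cfg = current_block_config(s3, bucket)
    cfg["IgnorePublicAcls"] = True
    # The PUT overwrites the full configuration, so all four flags are sent.
    s3.put_public_access_block(Bucket=bucket,
                               PublicAccessBlockConfiguration=cfg)
    after = current_block_config(s3, bucket)
    if not after["IgnorePublicAcls"]:
        raise RuntimeError("IgnorePublicAcls is not in effect on " + bucket)
    return after


def objects_with_public_acl(s3, bucket):
    """Keys whose ACL still grants AllUsers: ignored now, but worth cleaning up."""
    keys = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            acl = s3.get_object_acl(Bucket=bucket, Key=obj["Key"])
            if any(g["Grantee"].get("URI") == ALL_USERS for g in acl["Grants"]):
                keys.append(obj["Key"])
    return keys


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above can be tested offline
    client = boto3.client("s3")
    print(ignore_public_acls(client, sys.argv[1]))
    print(objects_with_public_acl(client, sys.argv[1]))
```

The public ACLs stay on the objects and are only ignored, so the listing is a follow-up cleanup queue rather than a sign the setting failed.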