Topic 1 Question 227
A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account.
What should a SysOps administrator do to meet this requirement?
Turn on S3 Block Public Access from the account level.
Create an Amazon Event Bridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
Based on the 1st paragraph from this link: https://aws.amazon.com/s3/features/block-public-access/ it seems that A is the simplest solution.
👍 1Gil802023/02/09 - 正解だと思う選択肢: A
S3 Block Public Access is a security feature that can be enabled at the account level to prevent public access to S3 buckets and objects. It provides four settings for blocking public access, which can be applied at the account level, the bucket level, or the object level. By enabling this feature at the account level, all existing and future S3 buckets and objects will be protected against public access. This meets the requirement to prohibit the public exposure of any data in S3 buckets in the company's account.
👍 1Vivec2023/03/10
シャッフルモード