Topic 1 Question 235

AWS Certified SysOps Administrator - Associate

Topic 1 Question 235
A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.

What is the MOST operationally efficient way to meet this requirement?
- Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
- Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
- Enable S3 Event Notifications for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
- Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: D
  I think D is correct: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html
  
  👍 3
  Gil802023/02/13
- 正解だと思う選択肢: D
  I pick D - it’s clearly not A, B. Also, it can’t be C since S3 events cannot publish notifications when public access is enabled (see, https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html).
  
  👍 3
  csG132023/03/06
- D is correct https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-monitor-for-and-respond-to-amazon-s3-buckets-allowing-public-access/
  
  👍 2
  braveheart222023/03/04
シャッフルモード

ユーザの投票

コメント(3)