Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 37 discussion

A company has an Amazon S3 bucket that contains sensitive data. The data must be encrypted in transit and at rest. The company encrypts the data in the S3 bucket by using an AWS Key Management Service (AWS KMS) key. A developer needs to grant several other AWS accounts the permission to use the S3 GetObject operation to retrieve the data from the S3 bucket.
How can the developer enforce that all requests to retrieve the data provide encryption in transit?

  • A. Define a resource-based policy on the S3 bucket to deny access when a request meets the condition “aws:SecureTransport”: “false”.
  • B. Define a resource-based policy on the S3 bucket to allow access when a request meets the condition “aws:SecureTransport”: “false”.
  • C. Define a role-based policy on the other accounts' roles to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
  • D. Define a resource-based policy on the KMS key to deny access when a request meets the condition of “aws:SecureTransport”: “false”.
Suggested Answer: A
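
Option A written out as a bucket policy, with a small checker that tells it apart from option B. This is an added example, not part of the original question or comments; the bucket name `example-bucket`, the `Sid` values and the helper names are assumptions, and the checker is a simplified audit, not AWS's own policy evaluation.

```python
import json
from fnmatch import fnmatchcase

# Constructed policies; "example-bucket" is a placeholder bucket name.
OPTION_A = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}""")

# Option B from the question: same condition, but with Effect "Allow".
OPTION_B = json.loads(json.dumps(OPTION_A))
OPTION_B["Statement"][0].update(Sid="AllowInsecureTransport", Effect="Allow")

def as_list(value):
    return value if isinstance(value, list) else [value]

def only_insecure_condition(cond):
    """True if the sole condition is Bool aws:SecureTransport = false."""
    if list(cond) != ["Bool"] or len(cond["Bool"]) != 1:
        return False  # extra operators/keys are ANDed and would narrow the deny
    (key, value), = cond["Bool"].items()
    return key.lower() == "aws:securetransport" and \
        all(str(v).lower() == "false" for v in as_list(value))

def denies_plain_http(policy, action="s3:GetObject"):
    """True if a Deny statement blocks `action` for all principals over HTTP."""
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and any(fnmatchcase(action.lower(), a.lower()) for a in actions)
                and any(r.endswith("*") for r in resources)  # coarse object-ARN check
                and only_insecure_condition(stmt.get("Condition", {}))):
            return True
    return False

if __name__ == "__main__":
    print("A:", denies_plain_http(OPTION_A), "B:", denies_plain_http(OPTION_B))
```
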

Comments

Untamables
Highly Voted 2 years ago
Selected Answer: A
A https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
upvoted 9 times
...
Watascript
Highly Voted 2 years, 1 month ago
Selected Answer: A
A is correct.
upvoted 5 times
...
pratik7006
Most Recent 1 month, 1 week ago
Selected Answer: A
B. Allow access when "aws:SecureTransport": "false" ❌ This would allow HTTP instead of enforcing HTTPS.
C. Role-based policy on other accounts' roles ❌ The bucket owner controls access, not external accounts. A bucket policy is required.
D. Resource-based policy on the KMS key ❌ KMS policies control encryption keys, not transport security. HTTP/HTTPS enforcement must happen at the S3 bucket level.
upvoted 1 times
...
sumanshu
4 months ago
Selected Answer: A
A) Correct - The condition “aws:SecureTransport”: “false” ensures that only secure requests (encrypted in transit) are allowed.
B) Eliminated - This allows access only when the request does not use secure transport. This is the opposite of the requirement.
C) Eliminated - Resource-based policies at the bucket level are better suited for cross-account access.
D) Eliminated - The GetObject operation is specific to the S3 bucket, not the KMS key.
upvoted 3 times
...
rue_
5 months, 4 weeks ago
aws:SecureTransport condition does not apply to KMS key policies
upvoted 1 times
...
65703c1
11 months, 1 week ago
Selected Answer: A
A is the correct answer.
upvoted 1 times
...
ibratoev
1 year ago
A is correct.
upvoted 1 times
...
CrescentShared
1 year, 6 months ago
Selected Answer: D
Hesitate between A and D. Question is not clear on whether we want to block all the information or only the sensitive part.
upvoted 2 times
KarBiswa
1 year, 4 months ago
Agree, but if we compare between A & D, A seems to be more accurate.
upvoted 1 times
...
...
winzzhhzzhh
1 year, 7 months ago
I know A is correct but D seems correct as well, since users will need access to the KMS key to decrypt the data in the bucket.
upvoted 3 times
...
Malkia
1 year, 11 months ago
Selected Answer: A
A is correct.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted