Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 100 discussion

A company has a guideline that mandates the encryption of all Amazon S3 bucket data in transit. A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted.

Which S3 bucket policy will meet this requirement?

  • A.
  • B.
  • C.
  • D.
Suggested Answer: B

Comments

awssecuritynewbie
9 months, 2 weeks ago
Selected Answer: B
Yeah, it is not a good question; it should have been allow if the string not equal: "encrypted"
upvoted 1 times
...
awssecuritynewbie
9 months, 3 weeks ago
Selected Answer: B
It is defo B, you are denying access if the condition is set not to encrypt in transit
upvoted 1 times
...
cannoe
10 months, 2 weeks ago
The question is a bit tricky for me. The requirement is: "A security engineer must implement an S3 bucket policy that denies any S3 operations if data is not encrypted." Using HTTPS as a connection does not encrypt the data, it encrypts the connection. When using HTTPS to access an Amazon S3 bucket, the HTTPS encryption is de-encapsulated at the S3 service endpoint. This means the data transmitted between your application and the S3 endpoint is encrypted in transit using HTTPS, but once it reaches the S3 endpoint, the encryption is removed before the data is stored in S3.
upvoted 1 times
...
Aamee
1 year ago
Selected Answer: B
Updated selection: Def. B
upvoted 2 times
...
kejam
1 year ago
Selected Answer: B
Enforce encryption of data in transit https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html#security-best-practices-prevent
upvoted 1 times
...
AgboolaKun
1 year ago
Selected Answer: B
This question is requesting to make objects accessible only through HTTPS. Option B is correct because it specifies the bucket policy condition with correct syntax. Please refer to "Defense-in-depth requirement 2: Data must be accessible only by a limited set of public IP addresses" section in this link - https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data/
upvoted 4 times
Aamee
1 year ago
Thnx so much... got the concept cleared now so def. going with B here now..
upvoted 1 times
...
...
Aamee
1 year ago
Selected Answer: C
Not sure if I'm fully correct here in selecting this ans. I'd go with C here cuz I feel like it is asked about no S3 bucket operation IF the data is not encrypted. It doesn't say about if the data is not securely in transit. That's why in my opinion, the AES256 encryption method should be mentioned under the conditional logic area in the bucket policy. But I'd appreciate if anyone else would like to discuss and clarify my understandings on this if I'm incorrect here... Thnx so much!
upvoted 1 times
...
[Removed]
1 year ago
Selected Answer: B
B. You want to deny where secure transport is false
upvoted 2 times
Wije1
1 year ago
https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
upvoted 2 times
...
...
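Added example, not part of the original discussion and not AWS's own code: a small Python check that separates a bucket policy denying requests where `aws:SecureTransport` is false (the in-transit control the thread settles on) from one keyed on `s3:x-amz-server-side-encryption` (an at-rest control). The bucket name, the three sample policies and the function names are constructed assumptions, and only the plain `Bool` operator form is recognized.

```python
BUCKET = "example-bucket"  # placeholder bucket name (assumption)
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]

# Constructed sample: deny every S3 action on requests that did not use TLS.
TLS_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": ARNS,
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

# Constructed sample: requires SSE-S3 on uploads (at rest), silent about TLS.
SSE_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
    "Resource": ARNS[1], "Condition": {"StringNotEquals": {
        "s3:x-amz-server-side-encryption": "AES256"}}}]}

# Constructed sample: allows TLS requests but never denies plain HTTP, so
# any other Allow (for example an IAM policy) still permits HTTP access.
ALLOW_TLS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": ARNS,
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _only_matches_plain_http(condition):
    # Extra condition keys are ANDed and would narrow the deny: require one.
    if list(condition) != ["Bool"] or len(condition["Bool"]) != 1:
        return False
    (key, value), = condition["Bool"].items()
    values = {str(v).lower() for v in _as_list(value)}
    return key.lower() == "aws:securetransport" and values == {"false"}


def enforces_tls(policy, bucket):
    """True if a Deny on plain HTTP covers the bucket ARN and all objects."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        wide = (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and set(_as_list(stmt.get("Action", []))) & {"s3:*", "*"})
        if wide and _only_matches_plain_http(stmt.get("Condition", {})):
            covered |= needed & set(_as_list(stmt.get("Resource", [])))
    return covered == needed
```

Run against a policy fetched with `get-bucket-policy`, a `False` result means some principal, action or resource can still reach the bucket over plain HTTP as far as the bucket policy is concerned.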