ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 119 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 119
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has AWS accounts that are in an organization in AWS Organizations. An Amazon S3 bucket in one of the accounts is publicly accessible.

A security engineer must change the configuration so that the S3 bucket is no longer publicly accessible. The security engineer also must ensure that the S3 bucket cannot be made publicly accessible in the future.

Which solution will meet these requirements?

  • A. Configure the S3 bucket to use an AWS Key Management Service (AWS KMS) key. Encrypt all objects in the S3 bucket by creating a bucket policy that enforces encryption. Configure an SCP to deny the s3:GetObject action for the OU that contains the AWS account.
  • B. Enable the PublicAccessBlock configuration on the S3 bucket. Configure an SCP to deny the s3:GetObject action for the OU that contains the AWS account.
  • C. Enable the PublicAccessBlock configuration on the S3 bucket. Configure an SCP to deny the s3:PutPublicAccessBlock action for the OU that contains the AWS account.
  • D. Configure the S3 bucket to use S3 Object Lock in governance mode. Configure an SCP to deny the s3:PutPublicAccessBlock action for the OU that contains the AWS account.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Zek at May 13, 2024, 2:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nznzwell
5 months, 1 week ago
Selected Answer: C
For those who chose B, how can it be correct? an SCP denying s3:GetObject will deny access to the objects regardless if it is from the public or within the account... B will render the bucket inaccessible.
upvoted 1 times
...
helloworldabc
9 months, 2 weeks ago
just B
upvoted 1 times
...
Olaunfazed
1 year ago
Answer is B Enabling the PublicAccessBlock configuration on the S3 bucket prevents public access. Additionally, configuring an SCP (Service Control Policy) to deny the s3:GetObject action for the organizational unit (OU) containing the AWS account ensures that the bucket remains private.
upvoted 1 times
Davidng88
9 months, 4 weeks ago
By configuring an SCP to deny the s3:GetObject action prevents accessing S3 objects from public, but deny the s3:PutPublicAccessBlock action, prevent any changes to the disable PublicAccessBlock settings, ensuring that the bucket remains private in future.
upvoted 1 times
...
...
sema2232
1 year ago
why not B?
upvoted 1 times
...
aescudero51
1 year, 1 month ago
Selected Answer: C
Enable PublicAccessBlock Configuration: https://aws.amazon.com/s3/features/block-public-access/?nc1=h_ls Configure an SCP (Service Control Policy): An SCP is a policy that you can attach to an AWS Organization, organizational unit (OU), or an account. It acts as a guardrail to control permissions across accounts. In your case, you want to deny the s3:PutPublicAccessBlock action for the OU containing your AWS account. Go to the AWS Organizations console. Navigate to the OU that contains your account. Create a new SCP or edit an existing one. Add a statement that denies the s3:PutPublicAccessBlock action for the relevant S3 buckets. Attach the SCP to the OU. Ensure that your AWS account is part of the OU.
upvoted 2 times
...
Zek
1 year, 1 month ago
C Enable the PublicAccessBlock & use SCP to deny the s3:PutPublicAccessBlock action
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel