exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 170 discussion

A company uses AWS Organizations and has many AWS accounts. The company has a new requirement to use server-side encryption with customer-provided keys (SSE-C) on all new object uploads to Amazon S3 buckets.

A security engineer is creating an SCP that includes a Deny effect for the s3:PutObject action.

Which condition must the security engineer add to the SCP to enforce the new SSE-C requirement?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
HappyG
3 days, 17 hours ago
Selected Answer: C
Deny: This Deny statement ensures that the action is blocked unless the specified condition is met. s3:PutObject: This is the action that allows uploading objects to S3. Condition: The condition enforces that the upload must include the SSE-C encryption header. The key s3:x-amz-server-side-encryption-customer-algorithm must be set to a valid encryption algorithm (such as AES256) to use SSE-C. StringNotEqualsIfExists: This condition ensures that if the header is not present in the request, it is denied. This SCP effectively enforces the requirement that all object uploads to the specified S3 bucket(s) must use SSE-C with the specified encryption algorithm.
upvoted 1 times
HappyG
3 days, 17 hours ago
It's A.
upvoted 1 times
...
...
5409b91
4 months, 3 weeks ago
Selected Answer: A
Condition: The condition specifies that the s3:x-amz-server-side-encryption-customer-algorithm key must not be null (Null: "true"). If this key is absent, the condition evaluates to true, and the Deny effect is applied.
upvoted 1 times
...
xekiva3329
5 months, 2 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
upvoted 3 times
...
fibonacciname
6 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 2 times
...
Zek
6 months, 3 weeks ago
A - Correct Answer https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...