ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 170 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 170
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company uses AWS Organizations and has many AWS accounts. The company has a new requirement to use server-side encryption with customer-provided keys (SSE-C) on all new object uploads to Amazon S3 buckets.

A security engineer is creating an SCP that includes a Deny effect for the s3:PutObject action.

Which condition must the security engineer add to the SCP to enforce the new SSE-C requirement?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Zek at May 14, 2024, 4:40 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CarlosC
6 months, 3 weeks ago
Selected Answer: A
The "Null" condition key with "true" ensures that the s3:x-amz-server-side-encryption-customer-algorithm header must be present in the s3:PutObject request. This header specifies the use of SSE-C.
upvoted 2 times
...
HappyG
7 months, 2 weeks ago
Selected Answer: C
Deny: This Deny statement ensures that the action is blocked unless the specified condition is met. s3:PutObject: This is the action that allows uploading objects to S3. Condition: The condition enforces that the upload must include the SSE-C encryption header. The key s3:x-amz-server-side-encryption-customer-algorithm must be set to a valid encryption algorithm (such as AES256) to use SSE-C. StringNotEqualsIfExists: This condition ensures that if the header is not present in the request, it is denied. This SCP effectively enforces the requirement that all object uploads to the specified S3 bucket(s) must use SSE-C with the specified encryption algorithm.
upvoted 1 times
HappyG
7 months, 2 weeks ago
It's A.
upvoted 1 times
...
...
5409b91
1 year ago
Selected Answer: A
Condition: The condition specifies that the s3:x-amz-server-side-encryption-customer-algorithm key must not be null (Null: "true"). If this key is absent, the condition evaluates to true, and the Deny effect is applied.
upvoted 2 times
...
xekiva3329
1 year ago
Selected Answer: A
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
upvoted 4 times
...
fibonacciname
1 year, 1 month ago
Selected Answer: A
A is correct
upvoted 3 times
...
Zek
1 year, 2 months ago
A - Correct Answer https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel