Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 265 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02

Question #: 265
Topic #: 1

[All AWS Certified Security - Specialty SCS-C02 Questions]

A company stores sensitive data in an Amazon S3 bucket. The company encrypts the data at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3).

A security engineer must prevent any modifications to the data in the S3 bucket.

Which solution will meet this requirement?

A. Configure S3 bucket policies to deny DELETE and PUT object permissions.
B. Configure S3 Object Lock in compliance mode with S3 bucket versioning enabled.
C. Change the encryption on the S3 bucket to use AWS Key Management Service (AWS KMS) customer managed keys.
D. Configure the S3 bucket with multi-factor authentication (MFA) delete protection.

Show Suggested Answer

Suggested Answer: B 🗳️

by Pmktechno at Dec. 29, 2024, 10:27 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

Pmktechno

3 months, 4 weeks ago

Selected Answer: B

S3 Object Lock in compliance mode ensures that the objects cannot be deleted or overwritten for a fixed amount of time or indefinitely, providing a strong safeguard against accidental or malicious changes. Enabling versioning adds an additional layer of protection by keeping multiple versions of an object, which can be useful for recovery purposes.

upvoted 1 times

...

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 265 discussion

Comments

Pmktechno

SY0-701