A company must ensure that any objects uploaded to an S3 bucket are encrypted. Which of the following actions will meet this requirement? (Choose two.)
A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored. Most Voted
E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.
CE correct. Default encryption is a feature you can enable and disable in S3; it encrypts the data when it enters S3 and decrypts it whenever people retrieve data... server-side encryption is data encrypted as it is before entering S3.
Poorly worded question as encrypting objects before uploading would use client side encryption. C&E seem the most likely answers, as ACLs can't prevent the uploading of unencrypted objects.
Sorry @Finger41 and @Mecdrox, I am a bit confused by C as the question states:
"verify that all items uploaded to an S3 bucket are encrypted prior to uploading them"
Option C from what I can see states:
"With Amazon S3 default encryption, you can set the default encryption behavior for an S3 bucket so that all new objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS keys stored in AWS Key Management Service (AWS KMS) (SSE-KMS)."
https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
Does the data not need to be encrypted prior to being uploaded?
It's encrypted at the time of writing to disk. :) It ensures all objects are encrypted when data is stored in S3, if using Amazon S3 default encryption, i.e. server-side encryption.
Looking at an extension of your link : https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.
"In order to enforce object encryption, create an S3 bucket policy that denies any S3 Put request that does not include the x-amz-server-side-encryption header. There are two possible values for the x-amz-server-side-encryption header: AES256, which tells S3 to use S3-managed keys, and aws:kms, which tells S3 to use AWS KMS–managed keys."
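
The bucket policy described in the quoted passage above (option E), as an added example that is not part of the original discussion: it builds the two Deny statements and checks constructed PutObject requests against a simplified local model of the `Null` and `StringNotEquals` condition operators. The bucket name, the Sids and the helper functions are assumptions.

```python
import json

BUCKET = "EXAMPLE-BUCKET"  # placeholder bucket name (assumption, not from the page)
SSE_KEY = "s3:x-amz-server-side-encryption"  # condition key for the request header

def build_policy(bucket):
    """Bucket policy that denies PutObject without a valid SSE header."""
    resource = f"arn:aws:s3:::{bucket}/*"
    def deny(sid, condition):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": resource,
                "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [
        deny("DenyMissingEncryptionHeader", {"Null": {SSE_KEY: "true"}}),
        deny("DenyWrongEncryptionHeader",
             {"StringNotEquals": {SSE_KEY: ["AES256", "aws:kms"]}}),
    ]}

def condition_matches(condition, context):
    """Simplified local model (assumption): handles only the two
    operators used above, not the full IAM condition language."""
    for op, keys in condition.items():
        for key, expected in keys.items():
            value = context.get(key)
            if op == "Null":
                if (value is None) != (expected == "true"):
                    return False
            elif op == "StringNotEquals":
                allowed = expected if isinstance(expected, list) else [expected]
                # Negated operator: an absent key also counts as "not equal".
                if value is not None and value in allowed:
                    return False
            else:
                raise ValueError(f"operator not modelled: {op}")
    return True

def denied_by(policy, sse_header):
    """Return the Sids of Deny statements matching a PutObject request."""
    context = {} if sse_header is None else {SSE_KEY: sse_header}
    return [s["Sid"] for s in policy["Statement"]
            if s["Effect"] == "Deny" and condition_matches(s["Condition"], context)]

if __name__ == "__main__":
    policy = build_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for header in (None, "AES256", "aws:kms", "none"):  # constructed requests
        print(header, "->", denied_by(policy, header) or "not denied")
```
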