Option D is not valid because: Amazon GuardDuty (Option D) is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. It can detect issues related to S3 buckets, but it doesn't directly address the encryption of sensitive data in the bucket.
B. All Amazon S3 buckets have encryption configured by default, and all new objects that are uploaded to an S3 bucket are automatically encrypted at rest. Server-side encryption with Amazon S3 managed keys (SSE-S3) is the default encryption configuration for every bucket in Amazon S3.
Why not D: Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads to detect malicious activity and delivers detailed security findings, enabling visibility and remediation.
It's not a configurable filter to protect an S3 bucket.
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads to detect malicious activity and delivers detailed security findings, enabling visibility and remediation.
It's not a configurable filter to protect an S3 bucket.
B. Enable S3 server-side encryption on the S3 bucket.
"Server-side encryption – When you use server-side encryption, Amazon S3 encrypts your objects before saving them on disks in its data centers and then decrypts the objects when you download them. Server-side encryption can help reduce risk to your data by encrypting the data with a key that is stored in a different mechanism than the mechanism that stores the data itself."
https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html#:~:text=Server%2Dside%20encryption%20%E2%80%93%20When,stores%20the%20data%20itself.
The best practice for securing sensitive data stored in Amazon S3 is to enable S3 server-side encryption on the S3 bucket. This ensures that the data is encrypted at rest and can only be accessed by authorized parties with the appropriate decryption keys.
B. Enable S3 server-side encryption on the S3 bucket.
Enabling server-side encryption ensures that sensitive data stored in Amazon S3 is protected at rest, even if an unauthorized party gains access to the data. It also helps meet compliance requirements for data protection. Cross-Region replication, AWS WAF, and Amazon GuardDuty are all useful for enhancing the security of an S3 bucket, but enabling server-side encryption is a fundamental security best practice.
GuardDuty is a threat detection service that will monitor and provide detailed findings on malicious activities for remediation.
For sensitive data handling, S3 server-side encryption seems to be the more accurate option.