Exam AWS Certified SysOps Administrator - Associate topic 1 question 235 discussion

A SysOps administrator has blocked public access to all company Amazon S3 buckets. The SysOps administrator wants to be notified when an S3 bucket becomes publicly readable in the future.

What is the MOST operationally efficient way to meet this requirement?

  • A. Create an AWS Lambda function that periodically checks the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
  • B. Create a cron script that uses the S3 API to check the public access settings for each S3 bucket. Set up Amazon Simple Notification Service (Amazon SNS) to send notifications.
  • C. Enable S3 Event Notifications for each S3 bucket. Subscribe S3 Event Notifications to an Amazon Simple Notification Service (Amazon SNS) topic.
  • D. Enable the s3-bucket-public-read-prohibited managed rule in AWS Config. Subscribe the AWS Config rule to an Amazon Simple Notification Service (Amazon SNS) topic.
Suggested Answer: D
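
Option D's notification path, as an added example that is not part of the original question or its comments: an EventBridge rule is one way to route the Config rule's compliance changes to an SNS topic (an assumption; the question does not say how the subscription is made). The bucket names, account ID, and the `matches`, `make_event` and `alerts` helpers are constructed for illustration.

```python
RULE = "s3-bucket-public-read-prohibited"  # managed rule named in option D

# Event pattern for an EventBridge rule whose target would be the SNS topic.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "configRuleName": [RULE],
        "resourceType": ["AWS::S3::Bucket"],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: lists are allowed values, dicts nest."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def make_event(rule, bucket, compliance):
    """Build a constructed compliance-change event (sample data, not a real capture)."""
    return {
        "source": "aws.config",
        "detail-type": "Config Rules Compliance Change",
        "account": "111122223333", "region": "us-east-1",
        "detail": {
            "configRuleName": rule,
            "resourceType": "AWS::S3::Bucket",
            "resourceId": bucket,
            "newEvaluationResult": {"complianceType": compliance},
        },
    }

def alerts(events):
    """Return the notification text for every event the pattern would forward to SNS."""
    return [f"{e['detail']['resourceId']} is publicly readable ({e['account']}/{e['region']})"
            for e in events if matches(EVENT_PATTERN, e)]

SAMPLE = [
    make_event(RULE, "example-reports", "NON_COMPLIANT"),   # should alert
    make_event(RULE, "example-logs", "COMPLIANT"),          # bucket still private
    make_event("s3-bucket-public-write-prohibited", "example-uploads", "NON_COMPLIANT"),
]
```

Only the first sample event produces an alert: the rule reports per bucket, so no per-bucket setup is needed, which is the operational-efficiency point of the question.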

Comments

braveheart22
Highly Voted 1 year, 7 months ago
D is correct https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-monitor-for-and-respond-to-amazon-s3-buckets-allowing-public-access/
upvoted 7 times
braveheart22
1 year, 7 months ago
Option C is ok as well, but the issue is the task of enabling S3 Event Notifications for each S3 bucket would be operationally inefficient.
upvoted 2 times
csG13
Highly Voted 1 year, 7 months ago
Selected Answer: D
I pick D - it’s clearly not A, B. Also, it can’t be C since S3 events cannot publish notifications when public access is enabled (see, https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html).
upvoted 6 times
TareDHakim
Most Recent 9 months, 4 weeks ago
Selected Answer: C
I vote C
upvoted 1 times
jipark
1 year, 2 months ago
Selected Answer: C
Why not D: AWS Config 'block' public access, but exam requested to 'notify'
upvoted 1 times
xSohox
1 year, 2 months ago
This is incorrect. Main point here is that S3 bucket events can't publish events of changing "public access status". Here is also description of s3-bucket-level-public-access-prohibited: "Checks if S3 buckets are publicly accessible. The rule is NON_COMPLIANT if an S3 bucket is not listed in the excludedPublicBuckets parameter and bucket level settings are public."
upvoted 3 times
Christina666
1 year, 3 months ago
Selected Answer: D
AWS config
upvoted 3 times
Gil80
1 year, 8 months ago
Selected Answer: D
I think D is correct: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html
upvoted 4 times