Simple Storage Service (S3) Flashcards
A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.)
A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
B. Use Amazon S3 server-side encryption with customer-provided keys.
C. Use Amazon S3 server-side encryption with EC2 key pair.
D. Use Amazon S3 bucket policies to restrict access to the data at rest.
E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
F. Use SSL to encrypt the data while in transit to Amazon S3.
Question #16 Topic 1
You control access to S3 buckets and objects with:
A. Identity and Access Management (IAM) Policies.
B. Access Control Lists (ACLs).
C. Bucket Policies.
D. All of the above
Question #19 Topic 1
The following policy can be attached to an IAM group. It lets an IAM user in that group access a “home directory” in AWS S3 that matches their user name using the console.
~~~
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-name"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "home/${aws:username}/"
          ]
        }
      }
    },
    {
      "Action": [
        "s3:"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-name/home/${aws:username}/"
      ]
    }
  ]
}
~~~
A. True
B. False