
Security I

Review assessment questions and explanations against all options to equip yourself with the necessary understanding to confidently tackle the AWS Certified Developer – Associate (DVA-C02) exam questions from the Security domain.

Question 22

A developer needs to ensure that every new object uploaded to an Amazon S3 bucket is encrypted at rest using server-side encryption (SSE). The developer wants to use the most robust method to explicitly reject requests that do not specify encryption headers.

Which solution provides this definitive enforcement mechanism?

A. Configure the S3 bucket to use default encryption with SSE-S3.

B. Implement an AWS Lambda function triggered by s3:ObjectCreated:* to immediately delete unencrypted objects.

C. Attach an S3 bucket policy that uses the s3:x-amz-server-side-encryption condition key to deny any PutObject request without an encryption header.

D. Use AWS Key Management Service (AWS KMS) to ...