SAA-C03 Domain 1: Design Secure Architectures Questions

Explore key concepts in designing secure AWS architectures with targeted practice questions. This lesson helps you understand how to enforce security policies across AWS accounts, manage access to S3 and CloudTrail logs, and control encryption key permissions, equipping you to build compliant and resilient cloud solutions.

Question 1

A company uses AWS Organizations and wants to ensure that no IAM principal in any member account can make an Amazon S3 bucket public, either through bucket policies or public ACLs. The security team requires a solution that is preventative and centrally enforced across all accounts.

Which solution should a solutions architect implement to meet these requirements?

A. Enable S3 Block Public Access on each bucket and require developers to keep it enabled.

B. Enable AWS Config managed rules to detect public buckets and run remediation.

C. Use a Service Control Policy (SCP) to deny s3:PutBucketPolicy and s3:PutBucketAcl for all principals in member ...