Multiple Choice
A Security Engineer has discovered that, although encryption was enabled on the Amazon S3 bucket examplebucket, anyone who has access to the bucket has the ability to retrieve the files. The Engineer wants to limit access so that each IAM user can access an assigned folder only. What should the Security Engineer do to achieve this?
A) Use envelope encryption with the AWS-managed CMK aws/s3.
B) Create a customer-managed CMK with a key policy granting "kms:Decrypt" based on the "${aws:username}" variable.
C) Create a customer-managed CMK for each user. Add each user as a key user in their corresponding key policy.
D) Change the applicable IAM policy to grant S3 access to "Resource": "arn:aws:s3:::examplebucket/${aws:username}/*"
Correct Answer:

Verified