Multiple Choice
A Company had a security event whereby an Amazon S3 bucket with sensitive information was made public. Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified. How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)
A) Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission. Turn on object-level logging for Amazon S3. Turn on Amazon S3 event notifications to notify by using an Amazon SNS topic when a PutObject API call is made with a public-read permission.
B) Configure an Amazon CloudWatch Events rule that invokes an AWS Lambda function to secure the S3 bucket.
C) Use the S3 bucket permissions for AWS Trusted Advisor and configure a CloudWatch event to notify by using Amazon SNS.
D) Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a PutObject API call with public-read permission is detected in the AWS CloudTrail logs. Turn on object-level logging for Amazon S3. Configure a CloudWatch event to notify by using an SNS topic when a API call with public-read permission is detected in the AWS CloudTrail logs.
E) Schedule a recursive Lambda function to regularly change all object permissions inside the S3 bucket.
Correct Answer:
Verified
Correct Answer:
Verified
Q510: In regard to DynamoDB, for which one
Q511: Amazon Elastic File System (EFS) provides information
Q512: A company runs an e-commerce platform with
Q513: You are designing a social media site
Q514: Does an AWS Direct Connect location provide
Q516: A media company has a 30-TB repository
Q517: A company wants to change its internal
Q518: An on-premises application will be migrated to
Q519: You have setup an Auto Scaling group.
Q520: A user has created a VPC with