Q7 — AWS DVA-C02 Ch.1

Question 7 of 100

A company grants different customers read access to objects in an Amazon S3 bucket. The company uses IAM permissions to restrict access to the S3 bucket. Customers can only access their own files. Due to regulatory requirements, the company must enforce encryption in transit for all interactions with Amazon S3. Which solution meets these requirements?

Correct Answer: A. Add a bucket policy to the S3 bucket that denies S3 operations when the aws:SecureTransport condition equals false.

Explanation

The aws:SecureTransport condition key evaluates to false when a request is sent over plain HTTP rather than HTTPS. A bucket policy that denies S3 operations when this key equals false therefore rejects any request not made over HTTPS, which enforces encryption in transit for all interactions with Amazon S3.