Q63 — AWS SAA-C03 Ch.4


Q258. An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private. Which solution will meet these requirements?

Correct Answer: D. Use the S3 Block Public Access feature on the account level. Use AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting. Apply the SCP to the account.

Explanation

All S3 objects in the AWS account as a whole must remain private; this is the crux. It is therefore enough to simply not make them public and to prevent anyone from changing this setting. While Amazon GuardDuty helps to monitor S3 for potential threats, it is a reactive measure. We should always be proactive rather than reactive in our solutions, so the answer is D: block public access to avoid any possibility of the data becoming publicly accessible.