Q17 — AWS SAP-C02 Ch.3

Question 17 of 75 | ← Chapter 3

Q242. A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront. Which combination of steps will meet the encryption requirements? (Select THREE.)

Correct Answer: A. Turn on S3 server-side encryption for the S3 bucket that the web application uses, C. Create a bucket policy that denies any unencrypted operations in the S3 bucket that the web application uses, E. Configure redirection of HTTP requests to HTTPS requests in CloudFront

Explanation

The correct combination of steps to meet the encryption requirements are: A. Turn on S3 server-side encryption for the S3 bucket that the web application uses.C. Create a bucket policy that denies any unencrypted operations in the S3 bucket that the web application uses.E. Configure redirection of HTTP requests to HTTPS requests in CloudFront. These three steps ensure that data is encrypted in transit and at rest throughout the solution. Step A enables server-side encryption for the S3 bucket that the web application uses. This ensures that any objects uploaded to the bucket are automatically encrypted at rest. Step C creates a bucket policy that denies any unencrypted operations in the S3 bucket. This ensures that all read and write operations must be encrypted, providing an additional layer of security. Step E configures a redirection from HTTP requests to HTTPS requests in CloudFront. This ensures that all traffic between clients and CloudFront is encrypted in transit, providing secure communication. By combining these three steps, the solution meets the company's encryption requirements for data at rest and in transit when hosting static content on Amazon S3 and using Amazon CloudFront.