AWS Certified Cloud Practitioner (CLF-C02) — Question 161

Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket?

Answer options

• A. Enable S3 Cross-Region Replication (CRR) on the S3 bucket.
• B. Use IAM roles for applications that require access to the S3 bucket.
• C. Configure AWS WAF to prevent unauthorized access to the S3 bucket.
• D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.

Correct answer: B

Explanation

Using IAM roles is a best practice because it allows for fine-grained access control and enhances security by not hardcoding credentials. The other options, while useful for different purposes, do not directly address secure access management for applications needing to access sensitive data in the S3 bucket.