AWS Certified Developer – Associate (DVA-C02) — Question 84

A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses IAM permissions to restrict access to the S3 bucket. The customers can access only their own files.

Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3.

Which solution will meet these requirements?

Answer options

• A. Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false.
• B. Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read.
• C. Add an IAM policy to the IAM users to enforce the usage of the AWS SDK.
• D. Add an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read.

Correct answer: A

Explanation

The correct answer, A, ensures that any S3 actions are denied unless the request is made using a secure transport layer, thereby enforcing encryption in transit. Option B does not address the encryption requirement; instead, it deals with access control. Options C and D are unrelated to enforcing encryption during data transmission, focusing instead on other types of actions or permissions.