AWS Certified Security – Specialty — Question 1
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
- Encryption in transit
- Encryption at rest
- Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)
Answer options
- A. Specify "aws:SecureTransport": "true" within a condition in the S3 bucket policy.
- B. Enable a security group for the S3 bucket that allows port 443, but not port 80.
- C. Set up default encryption for the S3 bucket.
- D. Enable Amazon CloudWatch Logs for the AWS account.
- E. Enable API logging of data events for all S3 objects.
- F. Enable S3 object versioning for the S3 bucket.
Correct answer: A, C, E
Explanation
Option A ensures encryption in transit: the aws:SecureTransport condition in the bucket policy enforces the use of secure transport. Option C provides encryption at rest by setting default encryption for the bucket. Option E logs object access in CloudTrail by enabling API logging of data events for S3 objects. Options B, D, and F do not fully address all specified security requirements.