AWS Certified Security – Specialty — Question 469
A security administrator is setting up a new AWS account. The security administrator wants to secure the data that a company stores in an Amazon S3 bucket. The security administrator also wants to reduce the chance of unintended data exposure and the potential for misconfiguration of objects that are in the S3 bucket.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Configure the S3 Block Public Access feature for the AWS account.
- B. Configure the S3 Block Public Access feature for all objects that are in the bucket.
- C. Deactivate ACLs for objects that are in the bucket.
- D. Use AWS PrivateLink for Amazon S3 to access the bucket.
Correct answer: A
Explanation
Enabling S3 Block Public Access at the AWS account level provides a centralized safeguard that blocks public access across all buckets and objects in the account, offering the lowest operational overhead. While object-level or bucket-level settings can limit exposure, they require more management and can be bypassed if misconfigured. AWS PrivateLink secures network connectivity but does not natively prevent public bucket misconfigurations.