AWS Certified SysOps Administrator – Associate — Question 15

A company must ensure that any objects uploaded to an S3 bucket are encrypted.
Which of the following actions will meet this requirement? (Choose two.)

Answer options

• A. Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.
• B. Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.
• C. Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.
• D. Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.
• E. Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Correct answer: C, E

Explanation

The correct answers are C and E. Implementing Amazon S3 default encryption (C) ensures that all objects uploaded are automatically encrypted, meeting the requirement. Using S3 bucket policies (E) allows the company to deny uploads of unencrypted objects, which also helps enforce the encryption requirement. Options A, B, and D do not address the encryption requirement effectively; AWS Shield and Amazon Inspector are not designed for this purpose, and ACLs do not provide the needed encryption enforcement.