AWS Certified SysOps Administrator – Associate — Question 153
A company updates its security policy to prohibit the public exposure of any data in Amazon S3 buckets in the company's account.
What should a SysOps administrator do to meet this requirement?
Answer options
- A. Turn on S3 Block Public Access from the account level.
- B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to enforce that all S3 objects are private.
- C. Use Amazon Inspector to search for S3 buckets and to automatically reset S3 ACLs if any public S3 buckets are found.
- D. Use S3 Object Lambda to examine S3 ACLs and to change any public S3 ACLs to private.
Correct answer: A
Explanation
The correct answer is A because enabling S3 Block Public Access at the account level prevents public access to every S3 bucket in that account. Options B, C, and D propose additional measures that do not comprehensively address the requirement to block public access uniformly across all S3 buckets.