AWS Certified SysOps Administrator – Associate — Question 163

A company maintains a large set of sensitive data in an Amazon S3 bucket. The company's security team asks a SysOps administrator to help verify that all current objects in the S3 bucket are encrypted.

What is the MOST operationally efficient solution that meets these requirements?

Answer options

• A. Create a script that runs against the S3 bucket and outputs the status of each object.
• B. Create an S3 Inventory configuration on the S3 bucket. Include the appropriate status fields.
• C. Provide the security team with an IAM user that has read access to the S3 bucket.
• D. Use the AWS CLI to output a list of all objects in the S3 bucket.

Correct answer: B

Explanation

The best solution is to create an S3 Inventory configuration because it allows for automated and periodic reporting of the encryption status of objects in the bucket, which is efficient for large datasets. A script would require continuous maintenance and manual execution, while providing IAM access would not directly address the need for verification of encryption status. Using the AWS CLI would also require manual efforts without providing ongoing reports.