AWS Certified SysOps Administrator – Associate (legacy) — Question 148

An Amazon S3 bucket in a SysOps Administrator's account can be accesses by users in other SWS accounts.
How can the Administrator ensure that the bucket is only accessible to members of the Administrator's AWS account?

Answer options

• A. Move the S3 bucket from a public subnet to a private subnet in the Amazon VPC.
• B. Change the bucket access control list (ACL) to restrict access to the bucket owner.
• C. Enable server-side encryption for all objects in the bucket.
• D. Use only Amazon S3 presigned URLs for accessing objects in the bucket.

Correct answer: B

Explanation

The correct answer is B because changing the bucket ACL to restrict access to the bucket owner ensures that only users within the Administrator's AWS account can access the bucket. Options A and C do not address access control, and option D does not restrict access; it merely provides a method for accessing objects.