AWS Certified SysOps Administrator – Associate (legacy) — Question 531

A SysOps Administrator has received a request to enable access logging for a Network Load Balancer and is setting up an Amazon S3 bucket to store the logs.
What are the MINIMUM requirements for the S3 bucket? (Choose two.)

Answer options

• A. The bucket must be in the same Region as the Network Load Balancer.
• B. The bucket must have a bucket policy that grants Elastic Load Balancing permissions to write the access logs to the bucket.
• C. The bucket must have encryption enabled.
• D. The bucket must have lifecycle policies set.
• E. The bucket must have public access disabled.

Correct answer: A, B

Explanation

To enable Network Load Balancer access logging, the destination Amazon S3 bucket must be located in the same AWS Region as the load balancer. Additionally, you must attach a bucket policy to the S3 bucket that grants the Elastic Load Balancing service principal permission to write the log files. While enabling encryption, lifecycle policies, and blocking public access are security and cost-optimization best practices, they are not minimum requirements for enabling NLB access logs.