AWS Certified SysOps Administrator – Associate (legacy) — Question 886

A SysOps Administrator manages an application that stores object metadata in Amazon S3. There is a requirement to have S2 server-side encryption enabled on all new objects in the bucket.
How can the Administrator ensure that all new objects to the bucket satisfy this requirement?

Answer options

• A. Create an S3 lifecycle rule to automatically encrypt all new objects.
• B. Enable default bucket encryption to ensure that all new objects are encrypted.
• C. Use put-object-acl to allow objects to be encrypted with S2 server-side encryption.
• D. Apply the authorization header to S3 requests for S3 server-side encryption.

Correct answer: B

Explanation

Enabling default bucket encryption on Amazon S3 ensures that all newly uploaded objects are automatically encrypted without requiring the client to specify encryption headers in their write requests. S3 lifecycle rules are designed for transitioning or expiring objects, not for applying encryption. The put-object-acl command manages access permissions rather than encryption, and authorization headers are used for request authentication, making Option B the correct solution.