
AWS Certified Security – Specialty: Wrong answer practice test

  • RandomNickname

    Member
    September 15, 2020 at 10:47 pm

    Hi,

    I think that one of the following answers is wrong.

    The answers with * are marked correct, but one of them is wrong.

    Category: SEC – Data Protection

    A financial company is using hundreds of Amazon S3 buckets to store sensitive corporate files. There is a requirement to improve the security of the data stored in S3 buckets. The files must be encrypted in transit and also at rest. Any object retrievals must be logged using AWS CloudTrail for audit purposes.

    What should the Security Engineer implement to satisfy the above security requirements? (Select THREE.)

    * Enable default encryption in the S3 bucket.

    * Add the { "Bool": { "aws:SecureTransport": "false" } } condition in the S3 bucket policy.

    Modify the security group of the Amazon S3 bucket to only allow access via port 443.

    Enable S3 object versioning for the S3 bucket.

    * Enable object-level logging in the S3 bucket to log data events.

    Enable S3 Events Notification.

    This answer --> * Add the { "Bool": { "aws:SecureTransport": "false" } } condition in the S3 bucket policy. Must be "aws:SecureTransport": "true" and not false, because the scenario requires that files must be encrypted in transit.

  • TutorialsDojo-Support

    Member
    September 22, 2020 at 10:38 pm

    Hello RandomNickname,

    Thanks for the feedback.

    The option "Add the { "Bool": { "aws:SecureTransport": "false" } } condition in the S3 bucket policy" came from the AWS documentation to force HTTPS access to the bucket.

    Basically, the Bucket policy will “Deny” all requests with a condition if the user is trying to access via HTTP only.

    This is the whole bucket policy.

    {
        "Id": "ExamplePolicy",
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSSLRequestsOnly",
                "Action": "s3:*",
                "Effect": "Deny",
                "Resource": [
                    "arn:aws:s3:::awsexamplebucket",
                    "arn:aws:s3:::awsexamplebucket/*"
                ],
                "Condition": {
                    "Bool": {
                        "aws:SecureTransport": "false"
                    }
                },
                "Principal": "*"
            }
        ]
    }

    AWS also explains why { "Bool": { "aws:SecureTransport": "true" } } should be avoided.

    Please refer to this link for a more in-depth explanation: https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!

    Regards,

    Kenneth Samonte @ Tutorials Dojo
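As an added illustration, not part of either post and not Tutorials Dojo's or AWS's code, the script below simulates how the Deny statement in the bucket policy above behaves for an HTTP request versus an HTTPS request, and compares it with the variant the original poster proposed ("aws:SecureTransport": "true"). It is not the AWS policy engine: it models only an explicit Deny with a Bool condition, ignores Allow statements and identity policies, and uses the bucket name from the reply plus constructed request contexts. The function names (make_policy, evaluate, compare_variants) are assumptions of this example.

```python
"""Added example (not from the thread): simulate the Deny-if-not-HTTPS bucket
policy against HTTP and HTTPS requests, for both condition values.

Only the explicit-Deny path with a Bool condition is modelled. Request
contexts are constructed: AWS sets aws:SecureTransport to "true" for HTTPS
requests and "false" for plain HTTP requests.
"""

import json


def make_policy(secure_transport_value: str) -> dict:
    """The bucket policy from the reply, with the condition value parameterised
    so the documented ("false") and proposed ("true") variants can be compared."""
    return {
        "Id": "ExamplePolicy",
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSSLRequestsOnly",
                "Action": "s3:*",
                "Effect": "Deny",
                "Resource": [
                    "arn:aws:s3:::awsexamplebucket",
                    "arn:aws:s3:::awsexamplebucket/*",
                ],
                "Condition": {"Bool": {"aws:SecureTransport": secure_transport_value}},
                "Principal": "*",
            }
        ],
    }


def bool_condition_matches(condition: dict, context: dict) -> bool:
    """Evaluate an IAM 'Bool' condition block against request context keys.
    Every listed key must match; a key missing from the context does not match."""
    for key, expected in condition.get("Bool", {}).items():
        actual = context.get(key)
        if actual is None:
            return False
        if str(actual).lower() != str(expected).lower():
            return False
    return True


def explicit_deny(policy: dict, context: dict) -> bool:
    """True if any Deny statement in the policy matches the request context."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        cond = stmt.get("Condition", {})
        if not cond or bool_condition_matches(cond, context):
            return True
    return False


def evaluate(secure_transport_value: str, over_https: bool) -> str:
    """Return 'DENY' if the policy explicitly denies the request, else 'PASS'.
    PASS means only that there is no explicit deny; an Allow is still needed
    elsewhere for the request to succeed."""
    context = {"aws:SecureTransport": "true" if over_https else "false"}
    return "DENY" if explicit_deny(make_policy(secure_transport_value), context) else "PASS"


def compare_variants() -> dict:
    """Tabulate both condition values against both transports."""
    return {
        value: {"http": evaluate(value, False), "https": evaluate(value, True)}
        for value in ("false", "true")
    }


if __name__ == "__main__":
    # Expected: "false" denies HTTP and passes HTTPS; "true" does the opposite.
    print(json.dumps(compare_variants(), indent=2))
```

Running it shows the documented policy (condition value "false") denying the plain-HTTP request and leaving the HTTPS request to the normal Allow evaluation, while the "true" variant inside a Deny statement would deny exactly the encrypted requests the scenario wants to keep.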
