Answer-first summary for fast verification
Answer: Configure a resource-based policy on the S3 bucket to deny access when a request has the condition "aws:SecureTransport": "false"
Overall explanation Correct option: Configure a resource-based policy on the S3 bucket to deny access when a request has the condition "aws:SecureTransport": "false" If you want to prevent potential attackers from manipulating network traffic, you can use HTTPS (TLS) to only allow encrypted connections while restricting HTTP requests from accessing your bucket. To determine whether the request is HTTP or HTTPS, use the aws:SecureTransport global condition key in your S3 bucket policy. The aws:SecureTransport condition key checks whether a request was sent by using HTTP.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company holds sensitive data in an Amazon S3 bucket, encrypted with AWS Key Management Service (AWS KMS). The developer needs to ensure that all users, who have been permitted to perform the S3 GetObject operation from various AWS accounts, utilize encryption in transit.
What is the most appropriate solution for achieving this requirement?
A
Configure a resource-based policy on the S3 bucket to allow access when a request has the condition "aws:SecureTransport": "false"
B
Configure a resource-based policy on the KMS key to deny access when a request has the condition "aws:SecureTransport": "false"
C
Configure a resource-based policy on the S3 bucket to deny access when a request has the condition "aws:SecureTransport": "false"
D
Configure a resource-based policy on the KMS key to allow access when a request has the condition "aws:SecureTransport": "false"
No comments yet.