Answer-first summary for fast verification
Answer: Implement the S3 Block Public Access feature at the account level and enforce a service control policy via AWS Organizations to restrict IAM users from altering this setting.
The correct answer is D. Using the S3 Block Public Access feature at the account level ensures that no S3 buckets or objects can be made public, providing a comprehensive and fail-safe solution. Additionally, using AWS Organizations to create a service control policy (SCP) that prevents IAM users from changing the setting ensures that no accidental or unauthorized modifications can bypass this protection. This approach provides both a technical and administrative safeguard against public exposure of S3 objects.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can an image-hosting company ensure that all objects in its Amazon S3 buckets remain private and avoid accidental public exposure?
A
Monitor S3 bucket policies with Amazon GuardDuty and set up an AWS Lambda function for automatic remediation of public access changes.
B
Utilize AWS Trusted Advisor to identify publicly accessible S3 buckets, set up email alerts, and manually adjust bucket policies as needed.
C
Employ AWS Resource Access Manager to detect publicly accessible S3 buckets, use Amazon SNS to trigger a Lambda function for automated remediation upon policy change detection.
D
Implement the S3 Block Public Access feature at the account level and enforce a service control policy via AWS Organizations to restrict IAM users from altering this setting.
No comments yet.