
Explanation:
The correct answer is A. To enforce that all requests to retrieve data from the Amazon S3 bucket provide encryption in transit, you should define a resource-based policy on the S3 bucket that denies access when the request does not use secure transport. This is done by checking the condition 'aws:SecureTransport': 'false'. This ensures that only requests made over secure transport (HTTPS) can access the bucket, protecting sensitive data during transit.
How can a developer enforce encryption in transit for requests retrieving data from an S3 bucket containing sensitive data, which is encrypted at rest using an AWS KMS key?
A. By denying access through a resource-based policy on the S3 bucket for requests not using secure transport.
B. By allowing access through a resource-based policy on the S3 bucket for requests not using secure transport.
C. By denying access through a role-based policy on other accounts' roles for requests not using secure transport.
D. By denying access through a resource-based policy on the KMS key for requests not using secure transport.