
Answer-first summary for fast verification
Answer: By denying access through a resource-based policy on the S3 bucket for requests not using secure transport.
The correct answer is A. To enforce that all requests to retrieve data from the Amazon S3 bucket use encryption in transit, define a resource-based policy on the S3 bucket that denies access when the request does not use secure transport. The policy's Deny statement does this by checking the condition 'aws:SecureTransport': 'false'. As a result, only requests made over secure transport (HTTPS) can access the bucket, which protects sensitive data in transit.
Author: LeetQuiz Editorial Team
How can a developer enforce encryption in transit for requests retrieving data from an S3 bucket containing sensitive data, which is encrypted at rest using an AWS KMS key?
A. By denying access through a resource-based policy on the S3 bucket for requests not using secure transport.
B. By allowing access through a resource-based policy on the S3 bucket for requests not using secure transport.
C. By denying access through a role-based policy on other accounts' roles for requests not using secure transport.
D. By denying access through a resource-based policy on the KMS key for requests not using secure transport.