
Explanation:
AWS Config rules can be used to evaluate if an S3 bucket allows public read or write access (e.g., using the s3-bucket-public-read-prohibited rule). To automatically remove these permissions, AWS Config supports automatic remediation using AWS Systems Manager Automation documents. This provides a highly operationally efficient mechanism to detect and automatically revert non-compliant resource states.
Question 5
A company wants to store sensitive financial data within Amazon S3 buckets. The company has a corporate policy that does not allow public read or write access to the buckets. A SysOps administrator must create a solution to automatically remove S3 permissions that allow public read or write access. Which AWS service should the SysOps administrator use to meet these requirements in the MOST operationally efficient manner?
A. AWS Config
B. AWS Security Hub
C. AWS Trusted Advisor
D. Amazon Inspector