Answer-first summary for fast verification
Answer: AWS Config
AWS Config has a managed rule 's3-bucket-public-read-prohibited' and 's3-bucket-public-write-prohibited' that can detect public access and with remediation (using Lambda or SSM) automatically remove such permissions. It's the most efficient for automated compliance and remediation on S3 buckets.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company must automatically remove S3 bucket permissions that allow public read or write access. Which AWS service should be used in the MOST operationally efficient manner?
A
AWS Config
B
AWS Security Hub
C
AWS Trusted Advisor
D
Amazon Inspector
No comments yet.