Which of the following actions will meet this requirement?

By:
In: SOA-C02
Tagged:
With: 1 Comment
A company must ensure that any objects uploaded to an S3 bucket are encrypted.

Which of the following actions will meet this requirement?

(Choose two.)

Implement AWS Shield to protect against unencrypted objects stored in S3 buckets.

Implement Object access control list (ACL) to deny unencrypted objects from being uploaded to the S3 bucket.

Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

Implement Amazon Inspector to inspect objects uploaded to the S3 bucket to make sure that they are encrypted.

Implement S3 bucket policies to deny unencrypted objects from being uploaded to the buckets.

Explanations:

AWS Shield protects against DDoS attacks and does not handle object encryption in S3 buckets.

Object ACLs control permissions at the object level but cannot enforce encryption on uploaded objects.

Enabling S3 default encryption ensures that all new objects are automatically encrypted upon upload.

Amazon Inspector is for vulnerability assessments and compliance, not for verifying encryption in S3.

S3 bucket policies can be used to enforce encryption by denying uploads that do not specify encryption.

2025-10-10

1 Comment

  1. Heather
    Author

    I weigh that the answer is:
    Implement Amazon S3 default encryption to make sure that any object being uploaded is encrypted before it is stored.

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen + 13 =