What should the Security Engineer do to achieve this?

SCS-C01 0 Comments

A Security Engineer has discovered that, although encryption was enabled on the Amazon S3 bucket example bucket, anyone who has access to the bucket has the ability to retrieve the files. The Engineer wants to limit access to each IAM user can access an assigned folder only.

What should the Security Engineer do to achieve this?
A . Use envelope encryption with the AWS-managed CMK aws/s3.
B . Create a customer-managed CMK with a key policy granting “kms:Decrypt” based on the “${aws:username}” variable.
C . Create a customer-managed CMK for each user. Add each user as a key user in their corresponding key policy.
D . Change the applicable IAM policy to grant S3 access to “Resource”: “arn:aws:s3:::examplebucket/${aws:username}/*”

Answer: B

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/

Latest SCS-C01 Dumps Valid Version with 470 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SCS-C01 PDF     SCS-C01 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments