Which combination of steps would meet the requirements?

SCS-C01 0 Comments

A company Is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information.

The security team has the following requirements for the architecture:

• Data must be encrypted in transit.

• Data must be encrypted at rest.

• The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.

Which combination of steps would meet the requirements? (Select THREE.)
A . Enable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket
B . Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.
C . Add a bucket policy that includes a deny if a PutObject request does not include awsiSecureTcanspoct.
D . Add a bucket policy with ws: Sourcelpto Allow uploads and downloads from the corporate intranet only.
E . Add a bucket policy that includes a deny if a PutObject request does not include s3:x-amz-sairv9r-side-enctyption: "aws: kms".
F . Enable Amazon Macie to monitor and act on changes to the data lake’s S3 bucket.

Answer: B,D,F

Latest SCS-C01 Dumps Valid Version with 470 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SCS-C01 PDF     SCS-C01 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments