A company uses Amazon S3 to store documents that may only be accessible to an Amazon EC2 instance in a certain virtual private cloud (VPC). The company fears that a malicious insider with access to this instance could also set up an EC2 instance in another VPC to access these documents. Which of the following solutions will provide the required protection?
A) Use an S3 VPC endpoint and an S3 bucket policy to limit access to this VPC endpoint.
B) Use EC2 instance profiles and an S3 bucket policy to limit access to the role attached to the instance profile.
C) Use S3 client-side encryption and store the key in the instance metadata.
D) Use S3 server-side encryption and protect the key with an encryption context.
Correct Answer: