The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data. Pattern: "randomID_datestamp_PII.csv" Example: "1234567_12302017_000-00-0000 csv" The bucket where these objects are being stored is using server-side encryption (SSE) . Which solution is the most secure and cost-effective option to protect the sensitive data?
A) Remove the sensitive data from the object name, and store the sensitive data using S3 user-defined metadata.
B) Add an S3 bucket policy that denies the action s3:GetObject
C) Use a random and unique S3 object key, and create an S3 metadata index in Amazon DynamoDB using client-side encrypted attributes.
D) Store all sensitive objects in Binary Large Objects (BLOBS) in an encrypted Amazon RDS instance.
Correct Answer:
Verified
Q46: A Systems Administrator has written the following
Q47: A Security Analyst attempted to troubleshoot the
Q48: An organization operates a web application that
Q49: An application has been built with Amazon
Q50: Which of the following is the most
Q52: An organization is using AWS CloudTrail, Amazon
Q53: A Security Architect is evaluating managed solutions
Q54: A company has a forensic logging use
Q55: A company has two AWS accounts, each
Q56: A Security Engineer must add additional protection
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents