After a data leakage incident that led to thousands of stolen user profiles, a compliance officer is demanding automatic, auditable security policy checks for all of the company's data stores, starting with public access of Amazon S3 buckets. Which solution will accomplish this with the LEAST amount of effort?
A) Create a custom rule in AWS Config triggered by an S3 bucket configuration change that detects when the bucket policy or bucket ACL allows public read access. Use a remediation action to trigger an AWS Lambda function that automatically disables public access.
B) Create a custom rule in AWS Config triggered by an S3 bucket configuration change that detects when the bucket policy or bucket ACL allows public read access. Trigger an AWS Lambda function that automatically disables public access.
C) Use a managed rule in AWS Config triggered by an S3 bucket configuration change that detects when the bucket policy or bucket ACL allows public read access. Configure a remediation action that automatically disables public access.
D) Use a managed rule in AWS Config triggered by an S3 bucket configuration change that detects when the bucket policy or bucket ACL allows public read access. Configure an AWS Lambda function that automatically disables public access.
Correct Answer:
Verified
Q600: A company requires that all logs are
Q601: Which of these configuration or deployment practices
Q602: As CloudTrail sends a notification each time
Q603: A company updated the AWS CloudFormation template
Q604: A company is using tagging to allocate
Q605: A company wants to use AWS development
Q606: How does Amazon RDS multi Availability Zone
Q608: You are in charge of a large-scale
Q609: Your company wants to understand where cost
Q610: What is the correct syntax for the
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents