A company is using many Amazon S3 buckets to hold confidential data. Some of the S3 buckets are riot encrypted. The company wants to use AWS Key Management Service (AWS KMS) customer managed keys to encrypt the S3 buckets. The company wants a solution that will detect any S3 buckets that are not encrypted and apply AWS KMS encryption to each noncompliant S3 bucket. Which solution will meet these requirements with the LEAST operational overhead?

Topic #: - All AWS Certified Solutions Architect - Professional Questions

A. Configure the s3-default-encryption-kms AWS Config managed rule with manual remediation to check for AWS KMS encryption on the S3 buckets. Modify the properties of the noncompliant S3 buckets to turn on AWS KMS encryption.
B. Configure a custom AWS Config rule with manual remediation to check for AWS KMS encryption on the S3 buckets. Modify the properties of the noncompliant buckets to turn on AWS KMS encryption.
C. Configure the s3-default-encryption-kms AWS Config managed rule. Create an automatic remediation script for the rule that will turn on AWS KMS encryption for any noncompliant buckets.
D. Configure a custom AWS Config rule to check for AWS KMS encryption on the S3 buckets. Create an automatic remediation script for the rule that will turn on AWS KMS encryption for any noncompliant buckets.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion