DOP-C02 · Question #91
DOP-C02 Question #91: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #91. The question stem and answer options stay visible for context.
Question
A company is using Amazon S3 buckets to store important documents. The company discovers that some S3 buckets are not encrypted. Currently, the company's IAM users can create new S3 buckets without encryption. The company is implementing a new requirement that all S3 buckets must be encrypted. A DevOps engineer must implement a solution to ensure that server-side encryption is enabled on all existing S3 buckets and all new S3 buckets. The encryption must be enabled on new S3 buckets as soon as the S3 buckets are created. The default encryption type must be 256-bit Advanced Encryption Standard (AES-256). Which solution will meet these requirements?
Options
- ACreate an AWS Lambda function that is invoked periodically by an Amazon EventBridge scheduled
- BSet up and activate the s3-bucket-server-side-encryption-enabled AWS Config managed rule.
- CCreate an AWS Lambda function that is invoked by an Amazon EventBridge event rule. Define the
- DConfigure an IAM policy that denies the s3:CreateBucket action if the s3:x-amz-server-side-encryption
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.