SAP-C02 Question #40: Real Exam Question with Answer & Explanation

Question

A company has an application that generates reports and stores them in an Amazon S3 bucket. When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication. The company has suspended the generation of new reports until the problem is resolved. Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?

Options

• ACreate an AWS Lambda function that applies a deny all policy for users who are not
• BReview the AWS Trusted Advisor bucket permissions check and implement the recommended
• CRun a script that puts a private ACL on all of the objects in the bucket.
• DUse the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on

Explanation

The S3 bucket is allowing public access and this must be immediately disabled. Setting the IgnorePublicAcls option to TRUE causes Amazon S3 to ignore all public ACLs on a bucket and any objects that it contains. The other settings you can configure with the Block Public Access BlockPublicAcls - PUT bucket ACL and PUT objects requests are blocked if granting public BlockPublicPolicy - Rejects requests to PUT a bucket policy if granting public access. RestrictPublicBuckets - Restricts access to principles in the bucket owners' AWS account. https://aws.amazon.com/s3/features/block-public-access/

No community discussion yet for this question.