AmazonAmazon
SAP-C02 · Question #682
SAP-C02 Question #682: Real Exam Question with Answer & Explanation
The correct answer is A: Create a new AWS account that is accessible only to the security team through an assumed role.. https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html
Submitted by joshua94· Mar 6, 2026Design Solutions for Organizational Complexity
Question
A company has an application that stores data in a single Amazon S3 bucket. The company must keep all data for 1 year. The company's security team is concerned that an attacker could gain access to the AWS account through leaked long-term credentials. Which solution will ensure that existing and future objects in the S3 bucket are protected?
Options
- ACreate a new AWS account that is accessible only to the security team through an assumed role.
- BUse the s3-bucket-versioning-enabled AWS Config managed rule. Configure an automatic
- CExplicitly deny bucket creation from all users and roles except for an AWS Service Catalog launch
- DEnable Amazon GuardDuty with the S3 protection feature for the account and the AWS Region.
Explanation
https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html
Community Discussion
No community discussion yet for this question.