AWS Certified Security – Specialty SCS-C01 – Question036 - AWS Certified Security

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:

Encryption in transit
Encryption at rest
Logging of all object retrievals in AWS CloudTrail

Which of the following meet these security requirements? (Choose three.)

A. Specify “aws:SecureTransport”: “true”within a condition in the S3 bucket policy.
B. Enable a security group for the S3 bucket that allows port 443, but not port 80.
C. Set up default encryption for the S3 bucket.
D. Enable Amazon CloudWatch Logs for the AWS account.
E. Enable API logging of data events for all S3 objects.
F. Enable S3 object versioning for the S3 bucket.

Correct Answer: ACE

Explanation:

Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/log-s3-d…