AWS Certified SysOps Administrator SOA-C01 – Question579

InfoSec is concerned that an employee may expose sensitive data in an Amazon S3 bucket.
How can this concern be addressed without putting undue restrictions on users?

A.
Apply an IAM policy on all users that denies the action s3:PutBucketPolicy
B. Restrict S3 bucket access to specific IAM roles managed using federated access
C. Activate an AWS Config rule to identify public buckets and alert InfoSec using Amazon SNS
D. Email the findings of AWS Personal Health Dashboard to InfoSec daily

Correct Answer: B