AWS Certified SysOps Administrator SOA-C01 – Question516

A customer enquires about whether all his data is secure on AWS, and is especially concerned about Elastic Map Reduce (EMR). You need to inform him of some of the security features in place for AWS. Which of the below statements is incorrect regarding EMR or S3?

A.
Every packet sent in the AWS network uses Internet Protocol Security (IPsec).
B. Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access.
C. Customers may encrypt the input data before they upload it to Amazon S3.
D. Amazon EMR customers can choose to send data to Amazon S3 using the HTTPS protocol for secure transmission.

Correct Answer: A

Explanation:

Explanation: Amazon S3 provides authentication mechanisms to ensure that stored data is secured against unauthorized access. Unless the customer who is uploading the data specifies otherwise, only that cus-tomer can access the data. Amazon EMR customers can also choose to send data to Amazon S3 us-ing the HTTPS protocol for secure transmission. In addition, Amazon EMR always uses HTTPS to send data between Amazon S3 and Amazon EC2. For added security, customers may encrypt the input data before they upload it to Amazon S3 (using any common data compression tool); they then need to add a decryption step to the beginning of their cluster when Amazon EMR fetches the data from Amazon S3. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. Amazon supports Internet Protocol security (IPsec) VPN connections, but does not protect all data packets at this level. Reference: https://aws.amazon.com/elasticmapreduce/faqs/