Amazon Web Services SCS-C02 Exam With Confidence Using Practice Dumps

By disabling SSL termination, you are leaving an unsecure connection from the ELB to the back end instances. Hence this means that part of the data transit is not being encrypted.

Option B is incorrect because this would not guarantee complete encryption of data in transit

Option C and D are incorrect because these would not guarantee encryption

For more information on SSL Listeners for your load balancer, please visit the below URL:

The correct answer is: Use S3 SSE and use SSL for data in transit

Submit your Feedback/Queries to our Experts

AWS Organizations and SCPs:

SCPs allow centralized control over permissions across all accounts in an AWS Organization.

Use SCPs to prevent specific actions, such as S3 bucket deletion, across all accounts.

Create an SCP for S3 Bucket Deletion:

Define an SCP that explicitly denies thes3:DeleteBucketaction.

Example SCP:

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Deny",

"Action": "s3:DeleteBucket",

"Resource": "*"

}

]

}

Attach SCP to the Root or Specific OUs:

Attach the SCP to the root of the organization or specific organizational units (OUs) as needed.

Advantages:

Scalability: Applies to all accounts in the organization without the need for individual configuration.

Compliance: Ensures sensitive S3 buckets are protected from accidental or malicious deletion.

AWS Organizations SCP Documentation

Restricting S3 Actions with SCPs

 To meet the requirement of rotating the AWS KMS customer managed key every year, the most appropriate solution would be to enable automatic key rotation annually for the existing customer managed key. This will ensure that AWS KMS generates new cryptographic material for the CMK every year. AWS KMS also saves the CMK’s older cryptographic material in perpetuity so it can be used to decrypt data that it encrypted. AWS KMS does not delete any rotated key material until you delete the CMK.