During a cloud security assessment you learn that an Amazon S3 bucket storing nightly database dumps is publicly readable because an Everyone ACL was applied. Operations want a rapid fix that stops anonymous downloads without touching application code or existing IAM roles. What is the most appropriate action?
Activate S3 server access logging and CloudTrail data event logging for the bucket.
Turn on server-side encryption with AWS KMS for all objects in the bucket.
Enable object versioning and require MFA delete on the bucket.
Enable S3 Block Public Access for the bucket and block public access granted through ACLs.
Turning on S3 Block Public Access at the bucket level and selecting the options that block public ACLs causes Amazon S3 to ignore any existing Everyone ACL, immediately preventing unauthenticated users from downloading objects. The ACL entries remain in the configuration but are no longer honored. Authenticated application traffic that relies on IAM policies is unaffected. Server-side encryption, versioning with MFA delete, and additional logging improve security or visibility but do not revoke public read access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Amazon S3 bucket?
Open an interactive chat with Bash
What does S3 Block Public Access do?
Open an interactive chat with Bash
What are ACLs in Amazon S3?
Open an interactive chat with Bash
What is S3 Block Public Access, and how does it work?
Open an interactive chat with Bash
What are ACLs in Amazon S3, and why can they create security risks?
Open an interactive chat with Bash
How does enabling S3 Block Public Access affect authenticated traffic?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cloud Computing
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .