During an external penetration test you find an Amazon S3 bucket called corp-app-logs. The bucket policy allows the s3:ListBucket action to the "*" principal, letting anyone on the Internet enumerate object keys. Internal applications that reside in the company's VPC must continue to read and write objects normally. Which single configuration change will most effectively stop external enumeration without breaking the internal workflow?
Enable S3 Block Public Access for the bucket to disallow public ACLs and public policy grants
Create a lifecycle rule that moves objects to Amazon S3 Glacier after 30 days
Turn on default server-side encryption (SSE-S3) for all objects in the bucket
Enable S3 Versioning to keep prior revisions of every object in the bucket
Enabling S3 Block Public Access at the bucket level overrides any public ACLs or bucket policies that expose the resource. It prevents anonymous principals from using ListBucket (or any other public action) while leaving IAM-authenticated requests from the company's applications unaffected. Switching on server-side encryption, versioning, or lifecycle policies improves confidentiality, resiliency, or cost control, but none of them removes the unintended public ListBucket permission, so enumeration would remain possible.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Amazon S3 bucket and what does it store?
Open an interactive chat with Bash
What does S3 Block Public Access do, and why is it important?
Open an interactive chat with Bash
How do internal applications in a VPC access S3 buckets securely after enabling Block Public Access?
Open an interactive chat with Bash
What is S3 Block Public Access and how does it work?
Open an interactive chat with Bash
What is the s3:ListBucket action and why is it a security risk?
Open an interactive chat with Bash
How does enabling S3 Block Public Access affect internal applications using IAM roles?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cloud Computing
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .