Amazon S3 Security and Access Management

Question

Which of the following statements are true with regard to Amazon S3 security and access management? Choose 2.

Answers

Explanations

A. B. C. D. E.

Answer: A, E.

Option A is CORRECT.

Users, by default, have access only to the S3 resources that they have created.

Option B is INCORRECT.

Time-bound access using temporary URLs can be provided using query string authentication.

Option C is INCORRECT.

By default, both S3 buckets and objects are private.

Option D is INCORRECT.

Amazon Macie is a tool for protecting data in Amazon S3, not in EC2.

Option E is CORRECT.

S3 supports both server-side and client-side encryption.

Reference:

https://aws.amazon.com/s3/security/

The two true statements regarding Amazon S3 security and access management are B and E.

B. Access Control Lists (ACLs) could be used to grant time-bound access using temporary URLs: Access Control Lists (ACLs) in Amazon S3 are used to manage access to buckets and objects. ACLs allow the bucket owner to grant permissions to other AWS accounts or to the public. Temporary URLs can be generated by the bucket owner using the pre-signed URL feature to grant access to specific objects for a limited time period.

E. Server-side and client-side encryptions are supported by S3 for data uploads: Amazon S3 provides the option to encrypt data both on the server-side and client-side. Server-side encryption allows S3 to encrypt data before storing it on disks in its data centers, while client-side encryption allows data to be encrypted before being sent to S3. Both types of encryption help to protect sensitive data from unauthorized access.

A. Self-created S3 resources are only accessible to the user by default: This statement is false. By default, S3 resources are private and only accessible by the resource owner. However, the resource owner can grant permissions to other AWS accounts or to the public using ACLs or bucket policies.

C. By default S3 buckets are private, however, objects are public. The object owner needs to change the permissions upon creation of objects to make the objects private: This statement is also false. By default, both S3 buckets and objects are private and only accessible by the resource owner. The object owner can choose to grant access to other AWS accounts or to the public using ACLs or bucket policies.

D. Amazon Macie can protect data in Amazon EC2: This statement is false. Amazon Macie is a security service provided by AWS that helps to discover, classify, and protect sensitive data in Amazon S3. It does not provide protection for data in Amazon EC2. However, Amazon EC2 provides its own security features, such as security groups and network ACLs, to protect instances and data.