Which of the below 2 options can NOT be used to enable “S3 Block Public Access”?(Select TWO.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.Answer: D and E.
Option A is INCORRECT.
We can use Rest APIs to enable “S3 Block Public Access”.
Option B is INCORRECT.
S3 console can be used to enable “S3 Block Public Access”.
Option C is INCORRECT.
SDKs can be used to enable “S3 Block Public Access”.
Option D is CORRECT.
AWS CLI S3 mb command is used to “make a bucket” and cannot be used to enable “S3 Block Public Access”.
Option E is CORRECT.
S3 Object Lock helps us to associate retention date to S3 objects.
Deletion of the S3 objects is prevented until the specified retention date.
Reference:
https://aws.amazon.com/blogs/storage/amazon-s3-consistently-raises-the-bar-in-data-security/ https://docs.aws.amazon.com/cli/latest/reference/s3/mb.htmlThe S3 Block Public Access feature is a security feature in Amazon S3 that helps customers ensure that the S3 buckets and objects are not publicly accessible. This feature provides four settings that you can use to restrict public access to your S3 resources.
The four settings are:
Now, let's review the given options and see which of them can NOT be used to enable S3 Block Public Access.
Option A: Rest APIs - INCORRECT
Amazon S3 provides REST APIs that allow you to manage your S3 resources programmatically. The REST APIs allow you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.
Option B: S3 Console - INCORRECT
The Amazon S3 console provides a web-based interface that allows you to manage your S3 resources. The console allows you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.
Option C: SDKs - INCORRECT
Amazon S3 provides SDKs for different programming languages that allow you to manage your S3 resources programmatically. The SDKs allow you to set Block Public Access settings for your S3 buckets and objects, and therefore, can be used to enable S3 Block Public Access.
Option D: AWS CLI “S3 mb” command - INCORRECT
The AWS Command Line Interface (CLI) provides a command-line interface that allows you to manage your AWS resources from the terminal. The S3 CLI command "s3 mb" can be used to create an S3 bucket, but it does not provide an option to set Block Public Access settings. However, you can use the "s3api" command to set Block Public Access settings for your S3 buckets and objects, and therefore, this option is incorrect.
Option E: S3 Object Lock - CORRECT
S3 Object Lock is a feature that allows you to store objects using a write-once-read-many (WORM) model. S3 Object Lock can be used to protect objects from deletion or modification, but it does not provide any settings to restrict public access to your S3 resources. Therefore, this option is correct.
In conclusion, the options that cannot be used to enable S3 Block Public Access are Option D (AWS CLI "S3 mb" command) and Option E (S3 Object Lock).