Which combination of actions should a SysOps administrator take to meet these requirements?
An Amazon S3 Inventory report reveals that more than 1 million objects in an S3 bucket are not encrypted These objects must be encrypted, and all future objects must be encrypted at the time they are written.
Which combination of actions should a SysOps administrator take to meet these requirements? (Select TWO)
A . Create an AWS Config rule that runs evaluations against configuration changes to the S3 bucket When an unencrypted object is found run an AWS Systems Manager Automation document to encrypt the object in place
B . Edit the properties of the S3 bucket to enable default server-side encryption
C . Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Create an S3 Batch Operations job to copy each object in place with encryption enabled
D . Filter the S3 Inventory report by using S3 Select to find all objects that are not encrypted Send each object name as a message to an Amazon Simple Queue Service (Amazon SQS) queue Use the SQS queue to invoke an AWS Lambda function to tag each object with a key of "Encryption" and a value of "SSE-KMS"
E . Use S3 Event Notifications to invoke an AWS Lambda function on all new object-created events for the S3 bucket Configure the Lambda function to check whether the object is encrypted and to run an AWS Systems Manager Automation document to encrypt the object in place when an unencrypted object is found
Answer: BC
Explanation:
To ensure all objects in the S3 bucket are encrypted, including future objects, the following steps should be taken:
Enable Default Server-Side Encryption:
Edit the properties of the S3 bucket to enable default server-side encryption. This ensures that all new objects written to the bucket are encrypted by default.
Navigate to the S3 console, select the bucket, go to the "Properties" tab, and under "Default encryption", select the encryption method (SSE-S3, SSE-KMS, etc.).
Reference: Amazon S3 Default Encryption
Use S3 Inventory and S3 Select:
Use S3 Inventory to generate a report of all objects in the bucket. This report helps identify which objects are not encrypted.
Use S3 Select to filter the inventory report and find all unencrypted objects.
Reference: Amazon S3 Inventory
Create S3 Batch Operations Job:
Create an S3 Batch Operations job to copy each unencrypted object in place with encryption enabled. This can be done through the S3 console or using AWS CLI/SDK.
This job can efficiently encrypt a large number of objects without the need to move data out of S3.
Reference: Amazon S3 Batch Operations
By following these steps, the SysOps administrator ensures that all existing and future objects in the S3 bucket are encrypted, thereby meeting the security requirements.
Latest SOA-C02 Dumps Valid Version with 54 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund