ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 18 · Domain 1.2: Secure Workloads
A company is using Amazon S3 to store sensitive customer data. The security team wants to be alerted immediately if any S3 buckets are accidentally made public. <br/><br/>Which AWS service provides the MOST direct way to monitor and alert on public S3 buckets?
A company is using Amazon S3 to store sensitive customer data. The security team wants to be alerted immediately if any S3 buckets are accidentally made public. <br/><br/>Which AWS service provides the MOST direct way to monitor and alert on public S3 buckets?
Answer options:
A.
Amazon Macie
B.
AWS IAM Access Analyzer
C.
AWS CloudTrail
D.
Amazon Inspector
How to approach this question
Identify the service that analyzes resource policies for external access.
Full Answer
B.AWS IAM Access Analyzer✓ Correct
AWS IAM Access Analyzer
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. It alerts you if a bucket is made public.
Common mistakes
Choosing Macie. While Macie works, Access Analyzer is the native, free tool specifically for policy analysis.
Practice the full AWS SAA-C03 Practice Exam 4
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...EasyQ03A company is designing a web application that will be hosted on AWS. The application will use an ...MediumQ04A company is building a mobile app that requires users to authenticate using their social media a...HardQ05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium