AWS SAP-C02 · Question 52 · Domain 2.3: Security Controls
A healthcare organization is building a data lake on Amazon S3 to store patient records. They must comply with HIPAA regulations. The data must be encrypted at rest using keys that the organization exclusively controls and rotates. Access to the data must be strictly limited to a specific IAM role, and any access from outside the corporate VPC must be blocked. Which combination of configurations will meet these requirements? (Select THREE)
Answer options:
Encrypt the S3 bucket using Amazon S3 Managed Keys (SSE-S3).
Encrypt the S3 bucket using AWS KMS Customer Managed Keys (CMKs).
Attach a bucket policy that denies access if the aws:SourceVpce condition is not met.
Use a VPC Endpoint for S3 in the corporate VPC.
Configure S3 Object Lock in Governance mode.
Use AWS Shield Advanced to protect the bucket from unauthorized access.