Choose two A Call with cloudfrontdev in the path

Choose two a call with cloudfrontdev in the path

This preview shows page 50 - 51 out of 51 pages.

(Choose two.) A. Call UploadServerCertificate with /cloudfront/dev/ in the path parameter. B. Import the certificate with a 4,096-bit RSA public key. C. Ensure that the certificate, private key, and certificate chain are PKCS #12-encoded. D. Import the certificate in the us-east-1 (N. Virginia) Region. E. Ensure that the certificate, private key, and certificate chain are PEM-encoded.
Image of page 50
3A52A51D4DDEDF2CE379291908AA5BBD QUESTION 139 A Security Engineer has discovered that, although encryption was enabled on the Amazon S3 bucket examplebucket, anyone who has access to the bucket has the ability to retrieve the files. The Engineer wants to limit access to each IAM user can access an assigned folder only. What should the Security Engineer do to achieve this? A. Use envelope encryption with the AWS-managed CMK aws/s3. B. Create a customer-managed CMK with a key policy granting “kms:Decrypt” based on the “${aws:username}” variable. C. Create a customer-managed CMK for each user. Add each user as a key user in their corresponding key policy. D. Change the applicable IAM policy to grant S3 access to “Resource”: “arn:aws:s3:::examplebucket/${aws:username}/*”
Image of page 51

You've reached the end of your free preview.

Want to read all 51 pages?

  • Fall '19
  • AWS, Amazon Elastic Compute Cloud

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture