Bird
0
0

If an attacker gains access to an AWS EC2 instance, which defense in depth layer could still protect sensitive data stored in S3?

medium📝 Predict Output Q5 of 15
AWS - Advanced Security
If an attacker gains access to an AWS EC2 instance, which defense in depth layer could still protect sensitive data stored in S3?
AS3 bucket policies and encryption
BEC2 instance security groups
CIAM user permissions on EC2
DCloudWatch alarms on EC2
Step-by-Step Solution
Solution:

  1. Step 1: Identify protection for S3 data

    S3 bucket policies and encryption control access and data safety.

  2. Step 2: Understand why other options don't protect S3 data

    Security groups and EC2 permissions protect EC2, not S3 data.

  3. Final Answer:

    S3 bucket policies and encryption -> Option A

  4. Quick Check:

    Protect S3 data = Bucket policies + encryption [OK]
Quick Trick: Protect data where it lives [OK]
Common Mistakes:
  • Confusing EC2 controls with S3
  • Ignoring bucket policies
  • Thinking alarms block access

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
CloudFormation - Resources section - Quiz 15hard CloudFormation - Nested stacks for modularity - Quiz 7medium Cost Optimization - Budgets and cost anomaly detection - Quiz 14medium ECS and Fargate - ECR for container image registry - Quiz 11easy ECS and Fargate - ECS cluster concept - Quiz 15hard Route 53 - Route 53 with ELB integration - Quiz 12easy Serverless Architecture - Lambda with S3 event triggers - Quiz 6medium Serverless Architecture - Serverless Application Model (SAM) - Quiz 11easy Serverless Architecture - Why serverless architecture matters - Quiz 11easy Serverless Architecture - Step Functions for workflows - Quiz 4medium