Practice free →
HomeAWS Securitycloudcomputingscsdatagov › Which AWS feature lets a security engineer enfor…

Which AWS feature lets a security engineer enforce 'no S3 bucket can be made public' across the entire AWS Organization, even by future buckets?

APer-bucket ACL reviews quarterly
BAmazon Route 53
CAmazon EBS
DS3 Block Public Access at the AWS account + Organization level (combined with SCPs preventing PutPublicAccessBlock disable)
Answer & Solution
Correct answer: D. S3 Block Public Access at the AWS account + Organization level (combined with SCPs preventing PutPublicAccessBlock disable)
S3 Block Public Access at account/org level + SCPs is the preventive control (per SCS-C02 §5.2, §6.1). The other options are reactive or unrelated.
Solve this in the app — AWS Security practice & 24k+ MCQs →
Related questions