🔥 3-day streak
AWS Certified Security - Specialty39 / 184
Question 39 of 184

A security engineer must ensure that any S3 bucket created in the company's production account is automatically flagged as noncompliant if default encryption is not enabled, and then automatically remediated to enable SSE-S3 encryption without manual intervention. Configuration drift must be continuously evaluated as changes occur. Which approach meets these requirements with the least operational overhead?

Reviewed for accuracy · Report an issueNext question