AWS Organizations spans many accounts and Regions. The company needs automated detection and blocking when any S3 bucket (existing or new) becomes public via ACLs or bucket policies. Which solution meets this?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Managed Config rules such as s3-bucket-level-public-access-prohibited detect public access; runbooks like AWS-DisableS3BucketPublicReadWrite remediate automatically.
Correct answer(s): a. AWS Config rule in each account (or organization) for public ACLs/policies with automated remediation via a Systems Manager Automation runbook.
Exam domain: Domain 5: Incident and Event Response (14% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the AWS Certified DevOps Engineer – Professional bank. Run a full timed practice exam with domain-weighted random questions in your browser.