You’ve been asked to develop an application on the AWS Cloud. The application will be used to store confidential documents in an S3 bucket. You need to ensure that the bucket is defined in such a way that it does not accept objects that are not encrypted.

Answer options:

A.Ensure a condition is set in the bucket policy.
B.Ensure that a condition is set in an IAM policy.
C.Enable MFA for the underlying bucket.
D.Enable CORS for the underlying bucket.

Answer – A
The AWS Documentation gives an example on the same.
Option B is incorrect since the condition needs to be put in the Bucket policy.
Option C is incorrect since this is only used for MFA Delete for accidental deletion of objects.
Option D is incorrect since CORS is only used for cross-domain access.
For more information on using KMS Encryption for S3, please refer to the below link-
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html