AWS Certified Developer Associate (#99)

An organization must store thousands of sensitive audio and video files in an Amazon S3 bucket. Organizational security policies require that all data written to this bucket be encrypted. How can compliance with this policy be ensured?

Use AWS Lambda to send notifications to the security team if unencrypted objects are pun in the bucket.
Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.
Create an Amazon CloudWatch event rule to verify that all objects stored in the Amazon S3 bucket are encrypted.
Configure an Amazon S3 bucket policy to prevent the upload of objects that contain the x-amz-server-side-encryption header.