A security audit requires that all requests to an S3 bucket use HTTPS, rejecting any plain HTTP request. How can this be enforced?
A) Enable default encryption on the bucket.
B) Add a bucket policy that denies requests where aws:SecureTransport is false.
C) Turn on S3 Versioning.
D) Enable S3 Block Public Access.
Correct Answer: B
Explanation: A bucket policy with a condition denying requests when aws:SecureTransport is false forces all access over TLS. (A) controls encryption at rest. (C) versioning protects against overwrites/deletes. (D) blocks public access but doesn’t enforce TLS.