A company is using AWS Organizations with multiple accounts. The security team wants to ensure that all S3 buckets across all accounts are encrypted with AWS KMS. Which policy should be used to enforce this?
Select one:
The trap here is that candidates often confuse detective controls (like AWS Config) with preventive ...