AWS Certified Developer - Associate
Get started today
Ultimate access to all questions.
In compliance with internal regulations, it is mandatory to guarantee that all communications directed to Amazon S3 are encrypted.
Which of the following encryption mechanisms will result in the rejection of a request if the connection is not established using HTTPS?
In compliance with internal regulations, it is mandatory to guarantee that all communications directed to Amazon S3 are encrypted.
Which of the following encryption mechanisms will result in the rejection of a request if the connection is not established using HTTPS?
Explanation:
SSE-C
Server-side encryption is about protecting data at rest. Server-side encryption encrypts only the object data, not object metadata. Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your encryption keys.
When you upload an object, Amazon S3 uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory. When you retrieve an object, you must provide the same encryption key as part of your request. Amazon S3 first verifies that the encryption key you provided matches and then decrypts the object before returning the object data to you.
Amazon S3 will reject any requests made over HTTP when using SSE-C. For security considerations, AWS recommends that you consider any key you send erroneously using HTTP to be compromised.