A security company has mandated that all developers implement server-side encryption using customer-provided encryption keys (SSE-C) for their operations in Amazon S3. Developers are expected to utilize C# with the AWS SDK to incorporate this encryption method in various S3 operations, specifically PUT, GET, Head, and Copy operations.
Which of the following encryption methods satisfies this requirement?
Explanation:
Correct option:
SSE-C
You have the following options for protecting data at rest in Amazon S3:
Server-Side Encryption – Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.
Client-Side Encryption – Encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
For the given use case, the company wants to manage the encryption keys via its custom application and let S3 manage the encryption; therefore, you must use Server-Side Encryption with Customer-Provided Keys (SSE-C).
Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys. With the encryption key you provide as part of your request, Amazon S3 manages both the encryption, as it writes to disks, and the decryption, when you access your objects.