AWS Certified Developer - Associate


A company is storing sensitive and confidential data in an Amazon Simple Storage Service (S3) bucket. Due to recent regulatory guidelines, it is now mandated that all files within the S3 bucket must be encrypted using server-side encryption. The required encryption standard is Advanced Encryption Standard (AES-256). Additionally, the company prefers not to handle or manage the encryption keys used for this purpose.

Which of the following solutions should be implemented to meet these requirements?




Explanation:

Correct option:

SSE-S3

With Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, Amazon S3 encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

Incorrect options:

SSE-C - You manage the encryption keys, and Amazon S3 manages the encryption as it writes to disks and the decryption when you access your objects.

Client-Side Encryption - You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

SSE-KMS - Similar to SSE-S3, and it also provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself.