
Answer-first summary for fast verification
Answer: Apply aws:SecureTransport for HTTPS in S3 bucket policies and use SSE-KMS with the compliance team managing KMS keys.
The correct answer is C. To ensure that protected health information (PHI) is encrypted in transit and at rest, you must use the aws:SecureTransport condition in S3 bucket policies to allow only encrypted connections over HTTPS (TLS). Additionally, to comply with the requirement that the compliance team must administer the encryption key for data at rest, you should configure default encryption for each S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS). This allows the compliance team to manage the KMS keys, thus meeting all requirements.
Author: LeetQuiz Editorial Team
A hospital must store PHI in an Amazon S3 bucket with encryption in transit and at rest. The compliance team must manage the encryption keys for data at rest. Which solution meets these requirements?
A. Create an ACM SSL/TLS certificate for Amazon S3 and use SSE-KMS with the compliance team managing KMS keys.
B. Apply aws:SecureTransport for HTTPS in S3 bucket policies and use SSE-S3 with the compliance team managing keys.
C. Apply aws:SecureTransport for HTTPS in S3 bucket policies and use SSE-KMS with the compliance team managing KMS keys.
D. Apply aws:SecureTransport for HTTPS and use Amazon Macie for data protection with the compliance team managing Macie.