Answer-first summary for fast verification
Answer: Use AWS Key Management Service (KMS) for server-side encryption of S3 data and enable S3 Encryption for data in transit.
Option C is the correct choice for meeting data privacy and security requirements. By using AWS Key Management Service (KMS) for server-side encryption, you can ensure that data at rest is encrypted with a high level of security. Additionally, enabling S3 Encryption for data in transit ensures that sensitive information is protected during transfer. While other options like default encryption, SSE-S3, and Macie have their use cases, they may not provide the same level of encryption and security as KMS and S3 Encryption.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are responsible for designing a data storage solution for a company that has strict data privacy and security requirements. The data includes sensitive information that must be encrypted at rest and in transit. Which of the following AWS services or features would you recommend to meet these requirements?
A
Use Amazon S3 with default encryption and enable S3 Transfer Acceleration for secure data transfer.
B
Enable server-side encryption with Amazon S3-Managed Keys (SSE-S3) for data at rest and use SSL/TLS for data in transit.
C
Use AWS Key Management Service (KMS) for server-side encryption of S3 data and enable S3 Encryption for data in transit.
D
Use Amazon Macie to automatically discover, classify, and protect sensitive data stored in S3.
No comments yet.