AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).

Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is designed specifically to comply with regulations that require two independent layers of encryption. DSSE-KMS provides this functionality natively.

Author: Ritesh Yadav

Quick Answer

Answer-first summary for fast verification

Answer: Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).

Author: Ritesh Yadav

Comments (0)

No comments yet.

Question 28\n\nA company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption. Which solution will meet these requirements?

Real Exam

Community

RRitesh

Last updated: April 29, 2026 at 05:44

Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client.

Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).

Use server-side encryption with customer-provided keys (SSE-C) before files are uploaded.

Use server-side encryption with AWS KMS keys (SSE-KMS).