Explanation:
Amazon S3 dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) applies two separate layers of server-side encryption to objects using AWS Key Management Service (AWS KMS) keys. This specifically fulfills the requirement of two layers of server-side encryption natively in S3.
Ultimate access to all questions.
A company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption. Which solution will meet these requirements?
A
Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client.
B
Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
C
Use server-side encryption with customer-provided keys (SSE-C) before files are uploaded.
D
Use server-side encryption with AWS KMS keys (SSE-KMS).
No comments yet.