AWS Cloud Practitioner CLF-C02 Practice Question

Encrypting data when it is stored (data at rest) is a fundamental security practice that ensures unauthorized users cannot read the data if they gain access to the storage medium. Using the cloud service's managed keys for server-side encryption (like SSE-S3) secures the files by encrypting each object, while the cloud provider manages the complexity of key handling and rotation. The incorrect answers describe other important but distinct security controls: Adjusting access policies controls who can access resources but does not encrypt the data itself. Virtual firewall rules operate at the network layer to control traffic to and from resources. Activating an auditing service records interactions, which is a detective control, rather than a preventative control that actively secures the stored data.