A solutions architect must ensure that the company's backup data stored in Amazon S3 is encrypted at rest while minimizing operational overhead. The company does not want to create or manage any encryption keys. Which option will meet these requirements?
Use TLS 1.2 for all uploads
Client-side encryption with application-managed keys
Server-side encryption with AWS KMS keys (SSE-KMS)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with Amazon S3 managed keys (SSE-S3) automatically encrypts every object with AES-256 and handles all key generation, rotation, and storage within the service, so administrators do not need to configure or manage keys. Server-side encryption with AWS KMS keys (SSE-KMS) and client-side encryption both protect data at rest, but each requires additional key-management steps and, in the case of SSE-KMS, extra per-request charges. TLS 1.2 secures data only while it travels across the network and provides no protection for data stored on S3 disks. Because the requirement explicitly calls for encryption at rest with no key-management effort, SSE-S3 is the best fit.
AWS Cloud Practitioner CLF-C02
Security and Compliance