AWS Certified Developer Associate DVA-C02 Practice Question
A developer is designing a new application that processes sensitive financial data. The application will store processed data in Amazon S3. For compliance reasons, the data must be encrypted at all times. Which type of encryption should the developer use to ensure that the data is encrypted before it leaves the application's host and remains encrypted in transit and at rest within Amazon S3?
Enable Secure Socket Layer (SSL) on the application's server and rely on S3 bucket policies to handle encryption.
Activate default S3 bucket encryption with an AWS Key Management Service (KMS) managed key.
Implement client-side encryption using a customer-managed key prior to uploading the data to Amazon S3.
Use server-side encryption with Amazon S3 managed keys (SSE-S3) when uploading the data.
Client-side encryption is the correct approach because it meets the requirement to encrypt data before it leaves the application's host. By encrypting the data on the client side, it is protected prior to transmission, during transit to Amazon S3, and while at rest in the S3 bucket.
Server-side encryption options, such as Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) or with AWS KMS keys (SSE-KMS), are incorrect because the encryption occurs on the AWS side after the data is received by Amazon S3. This does not fulfill the requirement to have the data encrypted before it leaves the application environment.
Using only Secure Socket Layer (SSL)/Transport Layer Security (TLS) is insufficient. While SSL/TLS encrypts data in transit, it does not encrypt the data on the host before it is sent or keep it encrypted at rest within the S3 bucket; server-side encryption would still be required for encryption at rest.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is client-side encryption, and how does it differ from server-side encryption?
Open an interactive chat with Bash
How does enabling Secure Socket Layer (SSL) compare to client-side encryption for securing data in this case?
Open an interactive chat with Bash
What are the benefits of using a customer-managed key for client-side encryption?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .