Free AWS Certified Developer Associate DVA-C02 Practice Question
A developer is designing a new application that processes sensitive financial data. The application will store processed data in Amazon S3. For compliance reasons, the data must be encrypted at all times. Which type of encryption should the developer use to ensure that the data is encrypted before it leaves the application's host and remains encrypted in transit and at rest within Amazon S3?
Enable Secure Socket Layer (SSL) on the application's server and rely on S3 bucket policies to handle encryption.
Use server-side encryption with Amazon S3 managed keys (SSE-S3) when uploading the data.
Implement client-side encryption using a customer-managed key prior to uploading the data to Amazon S3.
Activate default S3 bucket encryption with an AWS Key Management Service (KMS) managed key.
