CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company has sensitive customer data that must be encrypted at rest in an Amazon S3 bucket. The company must also comply with regulatory requirements that mandate the periodic rotation of encryption keys. Which solution fulfills these requirements and is considered the BEST practice?

  • Implement Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) on the S3 bucket.

  • Enable Server-Side Encryption with AWS CloudHSM-Managed Keys on the S3 bucket.

  • Enable Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) on the S3 bucket and leverage automatic key rotation in AWS KMS.

  • Enable Server-Side Encryption with Customer-Provided Keys (SSE-C) on the S3 bucket and rotate the keys periodically with a custom solution.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures