Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is migrating sensitive customer data to Amazon S3. The company's compliance policy mandates that all data at rest must be encrypted with keys managed by the organizational security team. Which service should be used to manage the encryption keys, and how should it be configured to meet this requirement?
Activate Amazon GuardDuty with encryption options to automatically encrypt all data written to Amazon S3.
Implement AWS Certificate Manager (AWS ACM) to issue a certificate for securing customer data on S3.
Use the AWS Key Management Service (AWS KMS) to create a Customer Managed Key (CMK) with a key policy that allows only the security team to use it.
Enable Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3) without additional configurations.
