CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company is migrating sensitive customer data to Amazon S3. The company's compliance policy mandates that all data at rest must be encrypted with keys managed by the organizational security team. Which service should be used to manage the encryption keys, and how should it be configured to meet this requirement?

  • Enable Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3) without additional configurations.

  • Activate Amazon GuardDuty with encryption options to automatically encrypt all data written to Amazon S3.

  • Implement AWS Certificate Manager (AWS ACM) to issue a certificate for securing customer data on S3.

  • Use the AWS Key Management Service (AWS KMS) to create a Customer Managed Key (CMK) with a key policy that allows only the security team to use it.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures