AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An enterprise in the financial sector is planning to transition its customer-facing applications onto a cloud platform. Regulations require that all sensitive customer information be encrypted when stored. The enterprise also wants to minimize the operational overhead associated with key management.
What approach should the architect recommend to ensure the storage solution meets these requirements?
Implement Secure Shell (SSH) for file transfers to the object storage to enable encryption for stored data.
Introduce multi-factor authentication for data access operations within the object storage service.
Implement server-side encryption on object storage utilizing a managed key service.
Adopt client-side encryption practices before transferring data to the chosen cloud-based object storage.
Server-side encryption that uses a managed key service (for example, SSE-KMS) automatically encrypts objects at rest and decrypts them only for authorized requests, while off-loading key lifecycle tasks such as rotation and auditing to the cloud provider. This satisfies industry regulations and reduces the operational burden compared with client-side encryption, which would require the organization to build, secure, and rotate its own keys. SSH only protects data in transit, and multi-factor authentication controls access but does not encrypt stored data.