ExpertAWS SAA-C03 · Question 20 · Domain 1.3: Data Security
A company wants to store sensitive documents in Amazon S3. The security policy requires that the data is encrypted at rest. The company wants AWS to manage the encryption keys, but they also need an audit trail showing when the keys were used and by whom. Which TWO encryption options meet these requirements? (Select TWO.)
A company wants to store sensitive documents in Amazon S3. The security policy requires that the data is encrypted at rest. The company wants AWS to manage the encryption keys, but they also need an audit trail showing when the keys were used and by whom. Which TWO encryption options meet these requirements? (Select TWO.)
Answer options:
Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3)
Server-Side Encryption with AWS KMS keys (SSE-KMS) using an AWS managed key
Server-Side Encryption with AWS KMS keys (SSE-KMS) using a Customer managed key
Server-Side Encryption with Customer-Provided Keys (SSE-C)
Client-Side Encryption using an on-premises key management system
How to approach this question
Full Answer
Common mistakes
Practice the full AWS SAA-C03 Practice Exam 1
65 questions · hints · full answers · grading