A company requires that all data stored in Amazon S3 must be encrypted at rest using keys managed by the company. The company wants to maintain full control over the key rotation and auditing of key usage. <br/><br/>Which encryption option meets these requirements?

Answer options:

Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3)

Server-Side Encryption with AWS KMS AWS Managed Keys (SSE-KMS)

Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS)

Client-Side Encryption using the AWS Encryption SDK

How to approach this question

Identify the KMS key type that provides the customer with full control over rotation and policies.

Full Answer

C.Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS)✓ Correct

Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS)

AWS KMS Customer Managed Keys provide the highest level of control. You can establish and maintain their key policies, IAM policies, and grants, enable and disable them, rotate their cryptographic material, and audit their usage in AWS CloudTrail.

Common mistakes

Confusing AWS Managed Keys with Customer Managed Keys.

Question 05 All questions Question 07

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...Easy Q03A company is designing a web application that will be hosted on AWS. The application will use an ...Medium Q04A company is building a mobile app that requires users to authenticate using their social media a...Hard Q05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium

View all 65 questions →