Which encryption option will meet these requirements?

By:
On:
In: DVA-C01
Tagged:
With: 0 Comments
A developer is storing sensitive data generated by an application in Amazon S3.The developer wants to encrypt the data at rest A company policy requires an audit trail of when the AWS Key Management Service (AWS KMS) key was used and by whom.

Which encryption option will meet these requirements?

Server-side encryption with Amazon S3 managed keys (SSE-S3)

Server-side encryption with AWS KMS managed keys (SSE-KMS)

Server-side encryption with customer-provided keys (SSE-C)

Server-side encryption with self-managed keys

Explanations:

SSE-S3 uses Amazon S3 managed keys for encryption, but it does not provide the required audit trail for AWS KMS key usage.

SSE-KMS uses AWS KMS managed keys, which provide detailed audit trails of key usage, meeting both encryption and audit requirements.

SSE-C uses customer-provided keys, but it does not integrate with AWS KMS or provide an audit trail of key usage through AWS KMS.

Self-managed keys are not an encryption option supported directly by S3. AWS KMS is required for both encryption and audit trail capabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *

nineteen − five =