Which of the following methods can achieve this?

By:
In: SAP-C01
Tagged:
With: 1 Comment
A company is storing data on Amazon Simple Storage Service (S3).The company’s security policy mandates that data is encrypted at rest.

Which of the following methods can achieve this?

(Choose three.)

Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.

Use Amazon S3 server-side encryption with customer-provided keys.

Use Amazon S3 server-side encryption with EC2 key pair.

Use Amazon S3 bucket policies to restrict access to the data at rest.

Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

Use SSL to encrypt the data while in transit to Amazon S3.

Explanations:

Amazon S3 server-side encryption with AWS KMS managed keys encrypts data at rest using managed keys.

Amazon S3 server-side encryption with customer-provided keys allows users to specify their own keys for encryption at rest.

EC2 key pairs are not used for encrypting data at rest in S3; they are used for SSH access to EC2 instances.

Bucket policies control access to data but do not provide encryption; they manage permissions only.

Client-side encryption involves encrypting data before uploading it to S3, ensuring it is encrypted at rest.

SSL encrypts data in transit, not at rest; it secures the data as it travels to S3 but does not store it encrypted.

2025-10-15

1 Comment

  1. Kathy
    Author

    I compute that the answer is:
    Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.

Leave a Reply

Your email address will not be published. Required fields are marked *

nine + 17 =