How should the bucket be configured?

A company maintains sensitive data in an Amazon S3 bucket that must be protected using an AWS KMS CMK.The company requires that keys be rotated automatically every year.

Select server-side encryption with Amazon S3-managed keys (SSE-S3) and select an AWS-managed CMK.

Select Amazon S3-AWS KMS managed encryption keys (S3-KMS) and select a customer-managed CMK with key rotation enabled.

Select server-side encryption with Amazon S3-managed keys (SSE-S3) and select a customer-managed CMK that has imported key material.

Select server-side encryption with AWS KMS-managed keys (SSE-KMS) and select an alias to an AWS-managed CMK.

Previous Post: What architectural changes will minimize downtime and reduce the chance of lost data?

Next Post: Which action will deliver the custom metrics to CloudWatch?

1 Comment

Author

As far as I’m aware, the answer is:
Select server-side encryption with AWS KMS-managed keys (SSE-KMS) and select an alias to an AWS-managed CMK.

Kevin

4 weeks ago

Permalink

Reply

Free study guides, practices test, sample questions

How should the bucket be configured?

1 Comment

Leave a Reply Cancel reply