A company wants to prevent public exposure of data that is stored in Amazon S3.
Which combination of steps should a security engineer take to meet this requirement?
(Choose two.)
Turn on S3 Block Public Access.
Enforce S3 bucket encryption by using server-side encryption with AWS KMS managed keys (SSE-KMS).
Enforce S3 bucket encryption by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
Use S3 Storage Lens.
Use Amazon Macie.