Which solution meets these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company is using a centralized AWS account to store log data in various Amazon S3 buckets.A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets.The data also must be encrypted in transit.

Which solution meets these requirements?

Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.

Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.

Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads.

Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.

Explanations:

Client-side encryption ensures that data is encrypted before being uploaded to S3. It also ensures encryption in transit by encrypting the data before sending it.

Server-side encryption occurs after the data is uploaded to S3, which does not meet the requirement to encrypt the data before uploading. Also, encryption in transit is not specified here.

While server-side encryption with S3 managed keys (SSE-S3) can ensure encryption at rest, it does not fulfill the requirement for encrypting the data before upload. It also does not address encryption in transit.

Enabling encryption with a default AWS KMS key only encrypts data at rest after it is uploaded. It does not meet the requirement to encrypt data before upload or ensure encryption in transit.

Leave a Reply

Your email address will not be published. Required fields are marked *

19 − eleven =