Which solution will meet these requirements?

A company stores documents in Amazon S3 with default settings.A new regulation requires the company to encrypt the documents at rest, rotate the encryption keys annually, and keep a record of when the encryption keys were rotated.The company does not want to manage the encryption keys outside of AWS.

Which solution will meet these requirements?

Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).

Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).

Use server-side encryption with customer-provided encryption keys (SSE-C).

Use client-side encryption before sending the data to Amazon S3.

Explanations:

SSE-S3 uses Amazon S3 managed encryption keys, but it does not allow for key rotation management or record-keeping of key rotations, which is required.

SSE-KMS uses AWS Key Management Service (KMS) to manage encryption keys. It supports key rotation and provides logging of key rotations in AWS CloudTrail.

SSE-C requires the customer to manage their own encryption keys outside of AWS, which contradicts the requirement of not managing keys outside of AWS.

Client-side encryption means the company must manage the encryption process and keys, which contradicts the requirement to not manage keys outside of AWS.

Learn & move to cloud

Which solution will meet these requirements?

Explanations:

Leave a Reply Cancel reply