Which solution will meet these requirements?

A company stores documents in Amazon S3 with default settings.A new regulation requires the company to encrypt the documents at rest, rotate the encryption keys annually, and keep a record of when the encryption keys were rotated.The company does not want to manage the encryption keys outside of AWS.

Which solution will meet these requirements?

Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).

Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).

Use server-side encryption with customer-provided encryption keys (SSE-C).

Use client-side encryption before sending the data to Amazon S3.

Explanations:

SSE-S3 uses Amazon S3 managed encryption keys, but it does not allow for key rotation management or record-keeping of key rotations, which is required.

SSE-KMS uses AWS Key Management Service (KMS) to manage encryption keys. It supports key rotation and provides logging of key rotations in AWS CloudTrail.

SSE-C requires the customer to manage their own encryption keys outside of AWS, which contradicts the requirement of not managing keys outside of AWS.

Client-side encryption means the company must manage the encryption process and keys, which contradicts the requirement to not manage keys outside of AWS.

Free study guides, practices test, sample questions

Which solution will meet these requirements?

Explanations:

1 Comment

Leave a Reply Cancel reply