A company stores documents in Amazon S3 with default settings. A new regulation requires the company to encrypt the documents at rest, rotate the encryption keys annually, and keep a record of when the encryption keys were rotated. The company does not want to manage the encryption keys outside of AWS.
Which solution will meet these requirements?

A. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).

B. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).

C. Use server-side encryption with customer-provided encryption keys (SSE-C).

D. Use client-side encryption before sending the data to Amazon S3.








 

Suggested Answer: C

Community Answer: B




This question is in DVA-C01 AWS Certified Developer – Associate Exam
For getting AWS Certified Developer – Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.