Topic 1 Question 106
A company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption.
Which solution will meet these requirements?
Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client.
Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
Use server-side encryption with customer-provided keys (SSE-C) before files are uploaded.
Use server-side encryption with AWS KMS keys (SSE-KMS).
ユーザの投票
コメント(8)
Answer is B
👍 5sdas12024/06/23- 正解だと思う選択肢: B
The most crucial objective in the problem is "Two layers of server-side encryption must be applied."
A: SSE-KMS is a single-layer server-side encryption that uses AWS KMS keys to encrypt data. The Amazon S3 Encryption Client performs client-side encryption, not server-side encryption. C: SSE-C is server-side encryption that uses customer-provided encryption keys to encrypt data. This does not provide two layers of encryption. D: SSE-KMS is a single-layer server-side encryption. It does not meet the encryption requirement of two layers of encryption.
B: DSSE-KMS (dual-layer server-side encryption) uses two layers of encryption to encrypt data using keys managed by AWS KMS. The first layer is used to encrypt the data key, and the second layer is used to encrypt the actual data. This provides the two layers of server-side encryption required to meet compliance requirements.
👍 3samadal2024/08/20 - 正解だと思う選択肢: B
I guess that right answer is - B https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingDSSEncryption.html
👍 2HunkyBunky2024/06/24
シャッフルモード