Topic 1 Question 31
A developer has an application that stores data in an Amazon S3 bucket. The application uses an HTTP API to store and retrieve objects. When the PutObject API operation adds objects to the S3 bucket the developer must encrypt these objects at rest by using server-side encryption with Amazon S3 managed keys (SSE-S3). Which solution will meet this requirement?
Create an AWS Key Management Service (AWS KMS) key. Assign the KMS key to the S3 bucket.
Set the x-amz-server-side-encryption header when invoking the PutObject API operation.
Provide the encryption key in the HTTP header of every request.
Apply TLS to encrypt the traffic to the S3 bucket.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: B👍 5svrnvtr2023/03/21
B. Set the x-amz-server-side-encryption header when invoking the PutObject API operation.
When using the PutObject API operation to store objects in an S3 bucket, the x-amz-server-side-encryption header can be set to specify the server-side encryption algorithm used to encrypt the object. Setting this header to "AES256" or "aws:kms" enables server-side encryption with SSE-S3 or SSE-KMS respectively.
Option A is incorrect because assigning a KMS key to the S3 bucket will not enable SSE-S3 encryption.
Option C is incorrect because providing the encryption key in the HTTP header of every request is not a valid way to enable SSE-S3 encryption.
Option D is incorrect because applying TLS encryption to the traffic to the S3 bucket only encrypts the data in transit, but does not encrypt the objects at rest in the bucket.
👍 1Bibay2023/05/14
シャッフルモード