Topic 1 Question 548
A developer is creating a new application that will give users the ability to upload documents to Amazon S3. The contents of the documents must not be accessible to any third party.
Which type of encryption will meet this requirement?
Client-side encryption by using the S3 Encryption Client with a Raw RSA wrapping key that is stored on the user’s device
Server-side encryption with S3 managed keys (SSE-S3)
Server-side encryption with AWS KMS keys (SSE-KMS)
Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)
ユーザの投票
コメント(4)
- 正解だと思う選択肢: C
C is the correct answer. A is too complex. B is not the most secure way as there's no integration with IAM for access control policies specific to the key. D is overkill.
👍 2Arad2025/01/13 - 正解だと思う選択肢: C
Es una solución robusta y administrativamente sencilla, sin la complejidad del cifrado del lado del cliente (opción A) y con un nivel de seguridad superior al de SSE-S3 (opción B). La opción D implicaría una doble capa de cifrado innecesaria para este caso.
👍 1italiancloud20252025/02/17 - 正解だと思う選択肢: A
A. Client-side encryption using the S3 Encryption Client with a Raw RSA key: This is the correct answer because it ensures complete end-to-end protection. Here's why:
The document is encrypted on the user's device before transmission The encryption key never leaves the user's control Even AWS cannot access the unencrypted contents The data remains protected throughout its entire lifecycle
👍 1LingZ2025/02/22
シャッフルモード