Topic 1 Question 106
A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year. Which solution meets these requirements and is the MOST operationally efficient?
Server-side encryption with customer-provided keys (SSE-C)
Server-side encryption with Amazon S3 managed keys (SSE-S3)
Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation
Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation
ユーザの投票
コメント(8)
- 正解だと思う選択肢: D
The MOST operationally efficient one is D. Automating the key rotation is the most efficient. Just to confirm, the A and B options don't allow automate the rotation as explained here: https://aws.amazon.com/kms/faqs/#:~:text=You%20can%20choose%20to%20have%20AWS%20KMS%20automatically%20rotate%20KMS,KMS%20custom%20key%20store%20feature
👍 13123jhl02022/10/18 - 正解だと思う選択肢: D
Agree Also, SSE-S3 cannot be audited.
👍 2PS_R2022/11/09 Can anybody correct me if I'm wrong, KMS does not offer automatic rotations but SSE-KMS only allows automatic rotation once in 3 years thus if we want rotation every year we need to rotate it manually?
👍 2PavelTech2022/12/09
シャッフルモード