Topic 1 Question 862

AWS Certified Solutions Architect - Associate

Topic 1 Question 862
A company runs an application in the AWS Cloud that generates sensitive archival data files. The company wants to rearchitect the application's data storage. The company wants to encrypt the data files and to ensure that third parties do not have access to the data before the data is encrypted and sent to AWS. The company has already created an Amazon S3 bucket.

Which solution will meet these requirements?
- Configure the S3 bucket to use client-side encryption with an Amazon S3 managed encryption key. Configure the application to use the S3 bucket to store the archival files.
- Configure the S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS). Configure the application to use the S3 bucket to store the archival files.
- Configure the S3 bucket to use dual-layer server-side encryption with AWS KMS keys (SSE-KMS). Configure the application to use the S3 bucket to store the archival files.
- Configure the application to use client-side encryption with a key stored in AWS Key Management Service (AWS KMS). Configure the application to store the archival files in the S3 bucket.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: D
  "ensure that third parties do not have access to the data before the data is encrypted and sent to AWS"
  
  👍 8
  xBUGx2024/10/05
- 正解だと思う選択肢: D
  "Amazon S3 managed encryption key" (SSE-S3) is a server-side encryption. Therefore it is not a client-side encryption. To encrypt the data before sending to S3, it has to be client-side encryption.
  
  👍 6
  f07ed8f2024/11/22
- 正解だと思う選択肢: D
  Must encrypt the data on client side before uploading it to S3
  
  👍 3
  Hkayne2024/11/21
シャッフルモード

ユーザの投票

コメント(3)