A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the user understand the S3 encryption functionality?
A.
The server side encryption with the user supplied key works when versioning is enabled
B.
The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
C.
The user must send an AES-128 encrypted key
D.
The user can upload his own encryption key to the S3 console
Suggested Answer:A🗳️
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works when the user has enabled versioning.
Server-side encryption with customer-provided keys (SSE-C) allows users to provide their own encryption key while storing data in Amazon S3. They can use the AWS Management Console, AWS SDKs (Software Development Kits), and AWS APIs to encrypt data before uploading it to S3 and to decrypt data after downloading it. The user-supplied key is necessary for encryption and decryption operations and is not managed by AWS, giving the user full control over the encryption process.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
albert_kuo
8 months, 3 weeks agoTroyMcLure
2 years, 7 months agoawscertified
2 years, 7 months ago