A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.)
A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
B. Use Amazon S3 server-side encryption with customer-provided keys.
C. Use Amazon S3 server-side encryption with EC2 key pair.
D. Use Amazon S3 bucket policies to restrict access to the data at rest.
E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
F. Use SSL to encrypt the data while in transit to Amazon S3.
A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
B. Use Amazon S3 server-side encryption with customer-provided keys.
E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
You can use either an AWS managed key or a Customer Managed Key to perform server-side S3 bucket encryption, but not an EC2 key pair. An EC2 key pair is used to authenticate via SSH, not to encrypt. You can also use your own methods to encrypt the data before uploading to S3.
Wrong answers: C. Use Amazon S3 server-side encryption with EC2 key pair: Amazon S3 does not support using EC2 key pairs for server-side encryption. EC2 key pairs are primarily used for securely accessing EC2 instances.
D. Use Amazon S3 bucket policies to restrict access to the data at rest: Bucket policies are used to control access to objects stored in S3 buckets, but they do not provide encryption at rest. Encryption at rest should be handled through one of the server-side encryption options mentioned above.
Option F is also incorrect:
F. Use SSL to encrypt the data while in transit to Amazon S3: SSL (Secure Sockets Layer) encryption is used to secure the data during transit between the client and the S3 service. While it helps protect data in transit, it does not provide encryption at rest, which is specifically required by the company's security policy.
The three methods that can achieve data encryption at rest on Amazon S3 are:
A. Use Amazon S3 server-side encryption with AWS Key Management Service (KMS) managed keys: This method enables automatic encryption of data at rest using AWS KMS. The encryption keys are managed by AWS, providing a convenient and secure solution.
B. Use Amazon S3 server-side encryption with customer-provided keys: This method allows you to provide your own encryption keys to encrypt the data at rest. You can manage the keys yourself and have full control over the encryption process.
E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key: This method involves encrypting the data on the client-side before uploading it to Amazon S3. You can use your own master key or encryption algorithm to ensure the data is encrypted before it reaches the S3 service.
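An audit-side view of the three accepted answers, as an added example that is not part of the original page or its comments: it builds the SSE-C request headers for option B and classifies constructed HeadObject responses by at-rest encryption method. The field names follow boto3's `head_object` response; the sample values are placeholders, and the client-side marker keys assume the Amazon S3 Encryption Client wrote the object.

```python
import base64
import hashlib

# Envelope keys the Amazon S3 Encryption Client stores in user metadata
# (assumption: that client, V1 or V2 format, did the client-side encryption).
CSE_MARKERS = {"x-amz-key", "x-amz-key-v2"}


def sse_c_headers(key: bytes) -> dict:
    """Request headers for option B (SSE-C) with a 256-bit customer key."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    md5 = hashlib.md5(key).digest()  # integrity check on the key, not a secret
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(key).decode(),
        "x-amz-server-side-encryption-customer-key-MD5": base64.b64encode(md5).decode(),
    }


def classify_at_rest(head: dict) -> str:
    """Name the at-rest encryption method shown by a HeadObject response."""
    metadata = {k.lower() for k in head.get("Metadata", {})}
    if metadata & CSE_MARKERS:
        return "client-side"   # option E: data was ciphertext before upload
    if head.get("SSECustomerAlgorithm"):
        return "SSE-C"         # option B
    sse = head.get("ServerSideEncryption")
    if sse in ("aws:kms", "aws:kms:dsse"):
        return "SSE-KMS"       # option A
    if sse == "AES256":
        return "SSE-S3"        # S3-managed keys, not one of the listed options
    return "none"              # bucket policies and TLS leave no at-rest marker


# Constructed HeadObject responses; every value is a placeholder.
SAMPLES = {
    "kms.csv": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": "EXAMPLE-KEY-ARN"},
    "ssec.csv": {"SSECustomerAlgorithm": "AES256", "SSECustomerKeyMD5": "EXAMPLE=="},
    "cse.bin": {"Metadata": {"x-amz-key-v2": "EXAMPLE", "x-amz-iv": "EXAMPLE"}},
    "plain.txt": {"Metadata": {"owner": "finance"}},
}


def audit(samples: dict) -> dict:
    """Map each object name to its detected at-rest encryption method."""
    return {name: classify_at_rest(head) for name, head in samples.items()}
```

A HeadObject call on an SSE-C object only succeeds when the same customer key is sent with the request, so an audit of such objects needs access to that key.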