An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center, and the encryption is handled by S3. Which type of encryption should be used?
A. Use server-side encryption with Amazon S3-managed keys.
B. Use server-side encryption with AWS KMS-managed keys.
C. Use client-side encryption with AWS KMS-managed keys.
D. Use server-side encryption with customer-provided keys.
Answer D: "With Server-Side Encryption with Customer-Provided Keys (SSE-C), you manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects."
Since the keys are managed on-premises, in this scenario we must use SSE-C server-side encryption. When we upload and download files from S3 we have to send the key to the server in order to encrypt/decrypt data. The correct answer is D.
With Server-Side Encryption with Customer-Provided Keys (SSE-C), you manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
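The request headers behind the SSE-C flow described in the comments above, as an added example that is not part of the original discussion. The three header names are the ones S3 documents for SSE-C; `KeyCheckModel`, the helper names and the sample key are constructed here, and the model only imitates the key check locally (no call to S3, no actual encryption).

```python
import base64
import hashlib
import hmac
import os

ALG = "x-amz-server-side-encryption-customer-algorithm"
KEY = "x-amz-server-side-encryption-customer-key"
KEY_MD5 = "x-amz-server-side-encryption-customer-key-MD5"

ON_PREM_KEY = bytes(range(32))  # constructed sample; real keys come from the on-premises key store


def sse_c_headers(key: bytes) -> dict:
    """Headers the client must add to every PUT and GET of an SSE-C object."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        ALG: "AES256",
        KEY: base64.b64encode(key).decode(),
        KEY_MD5: base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def parse_sse_c_headers(headers: dict) -> bytes:
    """Receiving-side consistency check, modelled locally: returns the raw key or raises."""
    if headers.get(ALG) != "AES256":
        raise ValueError("unsupported or missing algorithm")
    key = base64.b64decode(headers[KEY], validate=True)
    digest = base64.b64decode(headers[KEY_MD5], validate=True)
    if len(key) != 32 or not hmac.compare_digest(hashlib.md5(key).digest(), digest):
        raise ValueError("key and key-MD5 do not match")
    return key


class KeyCheckModel:
    """Toy stand-in (assumption, not S3): keeps a salted HMAC of the key, never the key."""

    def __init__(self):
        self._tags = {}

    def put(self, name: str, headers: dict) -> None:
        key = parse_sse_c_headers(headers)
        salt = os.urandom(16)
        self._tags[name] = (salt, hmac.new(salt, key, hashlib.sha256).digest())

    def get_allowed(self, name: str, headers: dict) -> bool:
        key = parse_sse_c_headers(headers)
        salt, tag = self._tags[name]
        return hmac.compare_digest(hmac.new(salt, key, hashlib.sha256).digest(), tag)
```

Because the key travels in a request header, SSE-C requests have to go over HTTPS, and an object whose on-premises key is lost cannot be read again.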