A sys admin is using server side encryption with AWS S3. Which of the below mentioned statements helps the
user understand the S3 encryption functionality?
A.
The server side encryption with the user supplied key works when versioning is enabled
B.
The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side
encryption with the user supplied key
C.
The user must send an AES-128 encrypted key
D.
The user can upload his own encryption key to the S3 console
Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can
either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to
supply his own encryption key. The encryption with the user supplied key (SSE-C. does not work with the AWS
console. The S3 does not store the keys and the user has to send a key with each request. The SSE-C works
when the user has enabled versioning.
Seems no answer, version is not required.
http://docs.aws.amazon.com/zh_cn/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
A is correct, it is not “required” but A is a true statement and none of the others are true.
I agree, A is correct.
a