Which of the following methods can achieve this?

A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates
that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.)

A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates
that data is encrypted at rest. Which of the following methods can achieve this? (Choose three.)

A.
Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.

B.
Use Amazon S3 server-side encryption with customer-provided keys.

C.
Use Amazon S3 server-side encryption with EC2 key pair.

D.
Use Amazon S3 bucket policies to restrict access to the data at rest.

E.
Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

F.
Use SSL to encrypt the data while in transit to Amazon S3.

Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

Carl

Carl

agree to
ABE

Reply

McEphin

McEphin

I agree, A B E seems correct

Reply

Steve

Steve

A,B,E are the only correct choices here.

Reply

charm

charm

A
B
E

S3 allows protection of data in-transit by enabling communication via SSL or using client-side encryption

1. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
2. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
3. Server-Side Encryption with Customer-Provided Keys (SSE-C)
4. AWS KMS-managed customer master key (CMK)

Reply