Which of the following methods can achieve this?

A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates
that data is encrypted at rest. Which of the following methods can achieve this?
Choose 3 answers

A company is storing data on Amazon Simple Storage Service (S3). The company’s security policy mandates
that data is encrypted at rest. Which of the following methods can achieve this?
Choose 3 answers

A.
Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.

B.
Use Amazon S3 server-side encryption with customer-provided keys.

C.
Use Amazon S3 server-side encryption with EC2 key pair.

D.
Use Amazon S3 bucket policies to restrict access to the data at rest.

E.
Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

F.
Use SSL to encrypt the data while in transit to Amazon S3.

Explanation:

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

Show Hint

Leave a Reply 11

Your email address will not be published. Required fields are marked *

Chef

Chef

A B E. The question focuses on data at rest.

Reply

Kelvin Wong

Kelvin Wong

ABE, all these are encryption at rest.

C is nonsence
D is not encryption, its access security
F is encryption in transit

Reply

mr_tienvu

mr_tienvu

I agree with the answer. ABE

Reply

kamleshj

kamleshj

ABE

B: If you need extra security you can use the Server Side Encryption (SSE) option or the Server Side Encryption with Customer-Provide Keys (SSE-C) option to encrypt data stored-at-rest.

E: Alternatively you can use your own encryption libraries to encrypt data before storing it in Amazon S3.

Reply

swagata mondal

swagata mondal

ABE

Reply