A user has enabled versioning on an S3 bucket. The user is using server side encryption for data
at rest. If the user is supplying his own keys for encryption (SSE-C., what is recommended to the
user for the purpose of security?
A.
The user should not use his own security key as it is not secure
B.
Configure S3 to rotate the user’s encryption key at regular intervals
C.
Configure S3 to store the user’s keys securely with SSL
D.
Keep rotating the encryption key manually at the client side
Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at Rest. The server side
encryption can either have the S3 supplied AES-256 encryption key or the user can send the key
along with each API call to supply his own encryption key (SSE-C.. Since S3 does not store the
encryption keys in SSE-C, it is recommended that the user should manage keys securely and
keep rotating them regularly at the client side version.
D
D