A company is migrating an application to AWS and must encrypt sensitive data before storing it in Amazon S3. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Encrypt the data by using client-side encryption with customer managed keys..
Why this is the answer
The correct solution is client-side encryption with customer managed keys because the requirement states that the data must be encrypted before storing it in Amazon S3. Client-side encryption ensures the data is encrypted on the client side before it ever leaves the client's control and is sent to S3. Customer managed keys (e.g., using AWS Key Management Service - KMS) provide the company full control over the encryption keys. Server-side encryption options (SSE-KMS, SSE-C) encrypt the data after it is received by S3, which does not meet the "before storing" requirement. Client-side encryption with Amazon S3 managed keys is not a valid S3 encryption option; S3 managed keys are used for server-side encryption (SSE-S3).
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed