Security II
Review assessment questions, with explanations for every option, so that you can confidently tackle the Security domain questions on the AWS Certified Developer – Associate (DVA-C02) exam.
Question 27
A software company handles highly confidential customer documents and needs to upload them to an Amazon S3 bucket. A strict corporate security policy dictates two key requirements:
The document data must be encrypted before it leaves the company’s on-premises environment and is transmitted to Amazon S3.
The cryptographic keys used for this encryption must be centrally managed and controlled exclusively by the company’s security team within AWS.
Which encryption approach for Amazon S3 should the developer implement to satisfy these requirements?
A. Utilize Amazon S3’s server-side encryption with S3-managed keys (SSE-S3).
B. Employ Amazon S3’s server-side encryption with customer-provided encryption keys (SSE-C).
C. Implement client-side encryption within the application using an AWS Key Management Service (KMS) Customer Managed Key (CMK).
D. Configure Amazon S3’s bucket policy to enforce ...