Security II
Explore key security concepts essential for AWS developers preparing for the DVA-C02 exam. Understand encryption options for Amazon S3, fine-grained IAM roles for microservices, and AWS services for centralized logging and tracing. This lesson helps you learn how to implement best security practices to protect data, control API access, and monitor applications effectively on AWS.
We'll cover the following...
Question 27
A software company handles highly confidential customer documents and needs to upload them to an Amazon S3 bucket. A strict corporate security policy dictates two key requirements:
The document data must be encrypted before it leaves the company’s on-premises environment and is transmitted to Amazon S3.
The cryptographic keys used for this encryption must be centrally managed and controlled exclusively by the company’s security team within AWS.
Which encryption approach for Amazon S3 should the developer implement to satisfy these requirements?
A. Utilize Amazon S3’s server-side encryption with S3-managed keys (SSE-S3).
B. Employ Amazon S3’s server-side encryption with customer-provided encryption keys (SSE-C).
C. Implement client-side encryption within the application using an AWS Key Management Service (KMS) Customer Managed Key (CMK).
D. Configure Amazon S3’s bucket policy to enforce ...