SAP-C02 · Question #378
SAP-C02 Question #378: Real Exam Question with Answer & Explanation
The correct answer is A: Turn on SSE-S3 on both S3 buckets. Use S3 Batch Operations to copy and encrypt the objects in. https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
Question
A company consists of two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured two-way replication between the S3 buckets. The S3 buckets have millions of objects. Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires that all documents must be stored with encryption at rest. The company wants to implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3). What is the MOST operationally efficient solution that meets these requirements?
Options
- ATurn on SSE-S3 on both S3 buckets. Use S3 Batch Operations to copy and encrypt the objects in
- BCreate an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side
- CTurn on SSE-S3 on both S3 buckets. Encrypt the existing objects by using an S3 copy command
- DCreate an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side
Explanation
https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
Community Discussion
No community discussion yet for this question.