SCS-C02 · Question #353
SCS-C02 Question #353: Real Exam Question with Answer & Explanation
The correct answer is C: Enable server side encryption on the S3 bucket. The AWS Documentation mentions the following Server-side encryption is about data encryption at rest-- that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate yo
Question
A company hosts data in S3. There is now a mandate that going forward all data in the S3 bucket needs to encrypt at rest. How can this be achieved? Please select:
Options
- AUse AWS Access keys to encrypt the data
- BUse SSL certificates to encrypt the data
- CEnable server side encryption on the S3 bucket
- DEnable MFA on the S3 bucket
Explanation
The AWS Documentation mentions the following Server-side encryption is about data encryption at rest-- that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Options A and B are invalid because neither Access Keys nor SSL certificates can be used to encrypt data. Option D is invalid because MFA is just used as an extra level of security for S3 buckets
Community Discussion
No community discussion yet for this question.