Exam SAP-C01
Question 5

A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest.

Which of the following methods can achieve this? (Choose three.)

    Correct Answer: A, B, E

    To achieve encryption at rest for data stored in Amazon S3, three methods can be utilized. First, using Amazon S3 server-side encryption with AWS Key Management Service (KMS) managed keys ensures that AWS manages the keys, providing a secure and automated encryption process. Second, Amazon S3 server-side encryption with customer-provided keys allows users to bring their own encryption keys, providing full control over the encryption procedure. Third, clients can encrypt the data on the client-side using their own master key before uploading it to S3, ensuring data is already encrypted before it reaches the storage service.
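
The request headers behind options A and B, as an added example that is not part of the original page: it builds the SSE-KMS and SSE-C headers for an S3 PUT and classifies a request by them. The key alias and the sample requests are constructed, and the SSE-S3 (`AES256`) branch goes beyond the options discussed here.

```python
import base64
import hashlib

SSE = "x-amz-server-side-encryption"
SSE_KMS_KEY = "x-amz-server-side-encryption-aws-kms-key-id"
SSEC_ALG = "x-amz-server-side-encryption-customer-algorithm"
SSEC_KEY = "x-amz-server-side-encryption-customer-key"
SSEC_MD5 = "x-amz-server-side-encryption-customer-key-md5"  # header names are case-insensitive

def sse_kms_headers(kms_key_id=None):
    """Option A: S3 encrypts the object under a KMS-managed key."""
    headers = {SSE: "aws:kms"}
    if kms_key_id:
        headers[SSE_KMS_KEY] = kms_key_id
    return headers

def sse_c_headers(key):
    """Option B: the caller sends its own 256-bit key with each request."""
    if len(key) != 32:
        raise ValueError("SSE-C needs a 32-byte (AES-256) key")
    return {SSEC_ALG: "AES256",
            SSEC_KEY: base64.b64encode(key).decode(),
            SSEC_MD5: base64.b64encode(hashlib.md5(key).digest()).decode()}

def classify(headers):
    """Name the server-side encryption a PUT asks for, or None if it asks for none."""
    h = {k.lower(): v for k, v in headers.items()}
    if SSEC_ALG in h:
        try:
            key = base64.b64decode(h.get(SSEC_KEY, ""), validate=True)
        except ValueError:
            return "invalid SSE-C"
        digest = base64.b64encode(hashlib.md5(key).digest()).decode()
        ok = h[SSEC_ALG] == "AES256" and len(key) == 32 and h.get(SSEC_MD5) == digest
        return "SSE-C" if ok else "invalid SSE-C"
    if h.get(SSE) == "aws:kms":
        return "SSE-KMS"
    if h.get(SSE) == "AES256":
        return "SSE-S3"
    # None: plaintext or client-side ciphertext (option E); TLS (option F) adds no header.
    return None

# Constructed sample requests, not captured traffic; the key alias is hypothetical.
SAMPLES = {"kms": sse_kms_headers("alias/example-key"),
           "sse-c": sse_c_headers(bytes(range(32))),
           "tls-only": {"Content-Type": "text/plain"}}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", classify(hdrs))
```

A `None` result cannot distinguish a plaintext upload from a client-side encrypted one, so option E has to be verified at the client rather than from request headers.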

Discussion
ppshein

My choice is A,B,E

nitinz

Only ABE does encryption at rest.

ajchi1980 (Options: ABE)

The three methods that can achieve data encryption at rest on Amazon S3 are:

A. Use Amazon S3 server-side encryption with AWS Key Management Service (KMS) managed keys: This method enables automatic encryption of data at rest using AWS KMS. The encryption keys are managed by AWS, providing a convenient and secure solution.

B. Use Amazon S3 server-side encryption with customer-provided keys: This method allows you to provide your own encryption keys to encrypt the data at rest. You can manage the keys yourself and have full control over the encryption process.

E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key: This method involves encrypting the data on the client-side before uploading it to Amazon S3. You can use your own master key or encryption algorithm to ensure the data is encrypted before it reaches the S3 service.

michaelbaib

Don't understand why encrypt 3 times??

anandbabu

ABE is correct

kuongnp (Options: ABE)

A, B, E is correct

andersoncarvalho (Options: ABE)

You can either use an AWS managed key or a Customer Managed Key to perform server-side S3 bucket encryption, but not an EC2 key pair. An EC2 key pair is used to authenticate via SSH, not to encrypt. You can also use your own methods to encrypt the data before uploading to S3.

ajchi1980

Wrong answers:

C. Use Amazon S3 server-side encryption with EC2 key pair: Amazon S3 does not support using EC2 key pairs for server-side encryption. EC2 key pairs are primarily used for securely accessing EC2 instances.

D. Use Amazon S3 bucket policies to restrict access to the data at rest: Bucket policies are used to control access to objects stored in S3 buckets, but they do not provide encryption at rest. Encryption at rest should be handled through one of the server-side encryption options mentioned above.

Option F is also incorrect:

F. Use SSL to encrypt the data while in transit to Amazon S3: SSL (Secure Sockets Layer) encryption is used to secure the data during transit between the client and the S3 service. While it helps protect data in transit, it does not provide encryption at rest, which is specifically required by the company's security policy.

SkyZeroZx (Options: ABE)

My choice is A,B,E

iamRohanKaushik (Options: ABE)

ABE is correct

gameoflove (Options: ABE)

A, B & E are the only suitable right answers

TigerInTheCloud (Options: ABE)

C, D, and F are wrong

emmanuelodenyire (Options: ABE)

I see only these support encryption at rest

skywalker

I will go for A,B,E

bluesmile979

vote ABE

cldy

A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.

B. Use Amazon S3 server-side encryption with customer-provided keys.

E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

Akhil254

ABE Correct

kidd5

ABE is correct