Exam AWS Certified Cloud Practitioner topic 1 question 638 discussion

The encryption types that can be used to protect objects at rest in Amazon S3 are: A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS) These options provide encryption for data stored in Amazon S3. SSE-S3 and SSE-KMS encrypt data at the object level using encryption keys managed by Amazon S3 and AWS Key Management Service (KMS), respectively.

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS)

The correct answers are: A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS) Explanation: Amazon S3 provides various encryption types to protect objects at rest, including server-side encryption with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with AWS KMS managed keys (SSE-KMS), and server-side encryption with customer-provided encryption keys (SSE-C). TLS and SSL are encryption protocols used for securing data in transit, and Transparent Data Encryption (TDE) is a feature provided by database services like Amazon RDS and Amazon Aurora for encrypting data at rest.

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and B. Server-side encryption with AWS KMS managed keys (SSE-KMS) are two encryption types that can be used to protect objects at rest in Amazon S3.

I vote AB

Definitely not TLS and SSL. They pertain to data in transit, not at rest.

AB, I agree

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS) Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit using Secure Socket Layer/Transport Layer Security (SSL/TLS) or client-side encryption. You have the following options for protecting data at rest in Amazon S3: Server-Side Encryption – Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects. To configure server-side encryption, see Specifying server-side encryption with AWS KMS (SSE-KMS) or Specifying Amazon S3 encryption. Ref link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingEncryption.html