ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 15 · Domain 1.3: Data Security
A healthcare company stores patient records in Amazon S3. Compliance requires that the data must be encrypted at rest using keys managed by the company, and the company must be able to audit the usage of the encryption keys. Which encryption method should be used?
A healthcare company stores patient records in Amazon S3. Compliance requires that the data must be encrypted at rest using keys managed by the company, and the company must be able to audit the usage of the encryption keys. Which encryption method should be used?
Answer options:
A.
Server-Side Encryption with Amazon S3 managed keys (SSE-S3)
B.
Server-Side Encryption with AWS KMS keys (SSE-KMS)
C.
Server-Side Encryption with Customer-Provided Keys (SSE-C)
D.
Client-Side Encryption using the AWS Encryption SDK
How to approach this question
Identify the need for 'auditing key usage'. AWS KMS integrates with CloudTrail to provide this exact feature.
Full Answer
B.Server-Side Encryption with AWS KMS keys (SSE-KMS)✓ Correct
SSE-KMS uses AWS Key Management Service. KMS integrates with CloudTrail, allowing you to audit who used which key and when.
Common mistakes
Choosing SSE-S3, which does not provide key usage auditing.
Practice the full AWS SAA-C03 Practice Exam 7
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team needs...MediumQ02An application runs on Amazon EC2 instances and needs to access an Amazon S3 bucket. What is the ...EasyQ03A company wants to implement federated access to the AWS Management Console for its employees usi...MediumQ04A company is building a mobile application that requires users to sign in using their social medi...EasyQ05A security team wants to enforce MFA for all IAM users before they can terminate EC2 instances. H...Medium