Section-Based – Data Protection (Security) Question
-
Hi, I have an issue with this question:
A company is looking to store their confidential financial files in AWS that are accessed every week. A Security Engineer was instructed to set up the storage system which uses envelope encryption and automates key rotation. It should also provide an audit trail which shows who used the encryption key and by whom for security purposes.
Which of the following should the Engineer implement to satisfy the requirement with the LEAST amount of cost? (Select TWO.)
Enable Server-Side Encryption with Customer-Provided Keys (SSE-C).
Store the confidential financial files in Amazon S3. – CORRECT
Store the confidential financial files in Amazon S3 Glacier Deep Archive.
Enable Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
Enable Server-Side Encryption with AWS KMS Keys (SSE-KMS). – CORRECT
The option that says: Enable Server-Side Encryption with Customer-Provided Keys (SSE-C) and Enabling Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) are incorrect. Although you can configure automatic key rotation, these two do not provide you with an audit trail that shows when your KMS key was used and by whom, unlike Server-Side Encryption with AWS KMS Keys (SSE-KMS).
The explanation is wrong, per AWS you can track SSE-C usage: https://repost.aws/articles/ARhGC12rOiTBCKHcAe9GZXCA/how-to-detect-existing-use-of-sse-c-in-your-amazon-s3-buckets.
Either the question should be updated or the answers clarified.
-
Hi hellojellojw,
Thank you for pointing that out.
We will make the necessary updates, which should be reflected on the portal soon.
Let us know if you need further assistance.
Regards,
JR @ Tutorials Dojo
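The audit-trail point debated in this thread, as an added example that is not part of the original posts: a Python sketch that reads CloudTrail records and reports who used a KMS key, and separately which S3 requests report SSE-C. The sample records, ARNs and bucket name are constructed placeholders, and the `SSEApplied` value `SSE_C` is an assumption about how S3 data events record customer-provided keys.

```python
import json
from collections import Counter

# Constructed CloudTrail records (trimmed); account ID, key ID, bucket and principals are placeholders.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
EVENTS = json.loads("""[
 {"eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
  "resources": [{"type": "AWS::KMS::Key", "ARN": "%(k)s"}]},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:role/reports"},
  "resources": [{"type": "AWS::KMS::Key", "ARN": "%(k)s"}]},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:role/reports"},
  "resources": [{"type": "AWS::KMS::Key", "ARN": "%(k)s"}]},
 {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
  "requestParameters": {"bucketName": "example-finance", "key": "q1.xlsx"},
  "additionalEventData": {"SSEApplied": "SSE_C"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
  "requestParameters": {"bucketName": "example-finance", "key": "q2.xlsx"},
  "additionalEventData": {"SSEApplied": "SSE_KMS"}}
]""" % {"k": KEY})

def kms_key_usage(events):
    """Count KMS data-key operations per (principal ARN, key ARN, operation)."""
    usage = Counter()
    for ev in events:
        if ev.get("eventSource") != "kms.amazonaws.com" or \
           ev.get("eventName") not in ("GenerateDataKey", "Decrypt"):
            continue
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        for res in ev.get("resources", []):
            if res.get("type") == "AWS::KMS::Key":
                usage[(who, res["ARN"], ev["eventName"])] += 1
    return usage

def sse_c_requests(events, marker="SSE_C"):
    """S3 data events reporting SSE-C (assumed: additionalEventData.SSEApplied == marker)."""
    hits = []
    for ev in events:
        applied = (ev.get("additionalEventData") or {}).get("SSEApplied")
        if ev.get("eventSource") != "s3.amazonaws.com" or applied != marker:
            continue
        rp = ev.get("requestParameters") or {}
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        hits.append((who, ev["eventName"], f'{rp.get("bucketName")}/{rp.get("key")}'))
    return hits
```

The S3 check only sees requests if CloudTrail data events are enabled for the bucket, whereas the KMS calls are recorded as management events.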