Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Associate Practice Exam 3 Question Reply To: Practice Exam 3 Question

  • Nikee-TutorialsDojo

    January 29, 2024 at 9:00 am

    Hello veen,

    Thank you for your feedback.

    Yes, you are correct. Server-side encryption (SSE) is enabled by default for Amazon S3 buckets. But it is also important to note that you can configure the default encryption for an Amazon S3 bucket. You can use server-side encryption with Amazon S3 managed keys (SSE-S3) (the default one which strongest block ciphers—256-bit Advanced Encryption Standard (AES-256) to encrypt each object uploaded to the bucket. ), server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).

    Therefore in the given scenario, “Enable SSE on an S3 bucket to make use of AES-256 encryption” is one of the correct answers since it’s still relevant to know and choose the specific SSE settings based on your encryption needs, and the use of AES-256 encryption is part of the SSE-S3 default encryption.

    Hope this clarifies any confusion. If you need further assistance please do not hesitate to contact us.


    Nikee @ Tutorials Dojo