Home › Forums › AWS › AWS Certified Solutions Architect Associate › Practice Exam 3 Question › Reply To: Practice Exam 3 Question
-
Hello Nikki,
I am new here, and I had taken my first exam set with DOJO.
I have question/clarification, over “Encrypt your data using your own encryption keys” Could we not use, Dual-Layer server-side encryption with AWS Key Management service Keys (DDSE-KMS)? I mean that option could have included as an answer, instead of, encrypt your data using your own encryption keys”?
While scrutinizing the given four (04) answers, and to choose two(02) as correct answers;
(1) Why was to Encrypt your data using your own encryption keys, came into the picture
(2) Why was AWS Key Management service Keys (DDSE-KMS), NOT be given as an option to choose, as it is well within S3?
AWS Key Management service Keys (DDSE-KMS) Vs. Encrypt your data using your own encryption keys, is it purely related to Cost?
Then, once the company is using CMK, (Encrypt your data using your own encryption keys), once encrypted on the client side;
(a) Which is the best protocol, which is most secure to upload to a S3?
(b) How does S3 (Based on Veen’s confusion), if the bucket is encrypted by default, does S3 accept encrypted data?
Regards,
Denzil