AWS Certified Cloud Practitioner (CLF-C02) — Question 204

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

Answer options

• A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
• B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
• C. TLS
• D. SSL
• E. Transparent Data Encryption (TDE)

Correct answer: A, B

Explanation

The correct answers, A and B, refer to server-side encryption methods specifically designed for Amazon S3, utilizing either Amazon's managed keys or AWS KMS keys. The other options, TLS and SSL, are protocols for securing data in transit, while TDE is a database encryption method that does not apply to S3 object storage.