AWS Certified Cloud Practitioner — Question 508

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

Answer options

• A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
• B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
• C. TLS
• D. SSL
• E. Transparent Data Encryption (TDE)

Correct answer: A, B

Explanation

Amazon S3 supports SSE-S3 and SSE-KMS as native server-side encryption options to protect objects at rest. In contrast, TLS and SSL are network protocols designed to secure data in transit rather than data at rest. Transparent Data Encryption (TDE) is a database-specific encryption technology and is not applied directly to Amazon S3 objects.