AWS Certified Cloud Practitioner — Question 835

Which AWS service or feature enables users to encrypt data at rest in Amazon S3?

Answer options

• A. IAM policies
• B. Server-side encryption
• C. Amazon GuardDuty
• D. Client-side encryption

Correct answer: B

Explanation

Server-side encryption protects data at rest in Amazon S3 by encrypting the object before saving it to disk and decrypting it when downloaded. While client-side encryption is an option, server-side encryption is the primary S3-managed feature for this purpose. IAM policies control access permissions, and Amazon GuardDuty is used for security monitoring rather than data encryption.