AWS Certified Data Engineer – Associate (DEA-C01) — Question 103
A company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption.
Which solution will meet these requirements?
Answer options
- A. Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client.
- B. Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
- C. Use server-side encryption with customer-provided keys (SSE-C) before files are uploaded.
- D. Use server-side encryption with AWS KMS keys (SSE-KMS).
Correct answer: B
Explanation
The correct answer is B. Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is specifically designed to meet the requirement of applying two layers of server-side encryption. Option A does not provide a dual-layer server-side solution: it combines two different methods, and the Amazon S3 Encryption Client encrypts on the client side rather than in S3. Options C and D are single-layer encryption methods and therefore do not meet the compliance requirement.