AWS Certified Developer – Associate — Question 184

A company has an application that generates large binary data outside of AWS. The company must encrypt the data before uploading the data to an Amazon S3 bucket.

Which solution will meet this requirement?

Answer options

• A. Use the AWS Key Management Service (AWS KMS) encrypt command in the AWS CLI.
• B. Configure server-side encryption on the S3 bucket.
• C. Use the AWS Encryption SDK to perform client-side encryption of the data.
• D. Specify the x-amz-server-side-encryption header when uploading the data to the S3 bucket.

Correct answer: C

Explanation

The correct answer is C because using the AWS Encryption SDK allows for client-side encryption, which ensures the data is encrypted before it reaches S3. Options A and B refer to server-side encryption methods that do not meet the requirement of encrypting the data prior to upload, while option D also pertains to server-side encryption and is not suitable for pre-upload encryption.