AWS Certified Solutions Architect – Associate (SAA-C03) — Question 866

A company is migrating an application from an on-premises environment to AWS. The application will store sensitive data in Amazon S3. The company must encrypt the data before storing the data in Amazon S3.

Which solution will meet these requirements?

Answer options

• A. Encrypt the data by using client-side encryption with customer managed keys.
• B. Encrypt the data by using server-side encryption with AWS KMS keys (SSE-KMS).
• C. Encrypt the data by using server-side encryption with customer-provided keys (SSE-C).
• D. Encrypt the data by using client-side encryption with Amazon S3 managed keys.

Correct answer: A

Explanation

The requirement specifies that data must be encrypted before it is stored in Amazon S3, which necessitates client-side encryption. Option A is correct because client-side encryption with customer managed keys allows the application to encrypt the data locally before uploading it. Options B and C are incorrect because they represent server-side encryption methods where encryption occurs after the data reaches S3.