AWS Certified SysOps Administrator – Associate (legacy) — Question 329

A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at Rest. If the user is supplying his own keys for encryption
(SSE-C., which of the below mentioned statements is true?

Answer options

• A. The user should use the same encryption key for all versions of the same object
• B. It is possible to have different encryption keys for different versions of the same object
• C. AWS S3 does not allow the user to upload his own keys for server side encryption
• D. The SSE-C does not work when versioning is enabled

Correct answer: B

Explanation

With SSE-C, Amazon S3 encrypts each object version independently, allowing you to use different encryption keys for different versions of the same object. There is no requirement to maintain the same key across versions, and SSE-C is fully compatible with S3 versioning. Therefore, users have the flexibility to manage unique keys for each specific version of their data.