AWS Certified SysOps Administrator – Associate (legacy) — Question 331
A sysadmin is using server-side encryption with AWS S3. Which of the following statements helps the user understand the S3 encryption functionality?
Answer options
- A. The server side encryption with the user supplied key works when versioning is enabled
- B. The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
- C. The user must send an AES-128 encrypted key
- D. The user can upload his own encryption key to the S3 console
Correct answer: A
Explanation
Server-side encryption with customer-provided keys (SSE-C) is fully compatible with S3 versioning, so different versions of an object can be encrypted. However, SSE-C cannot be used directly through the AWS Management Console, because the console does not support uploading or managing objects with customer-provided keys; this rules out options B and D. Additionally, AWS S3 requires a 256-bit AES key (AES-256) for SSE-C, so the AES-128 requirement in option C is incorrect.