AWS Certified SysOps Administrator – Associate (legacy) — Question 725

A company wants to review the security requirements of Glacier. Which of the below mentioned statements is true with respect to the AWS Glacier data security?

Answer options

• A. The user can set the serverside encryption flag to encrypt the data stored on Glacier.
• B. All data stored on Glacier is protected with AES-256 server-side encryption.
• C. All data stored on Glacier is protected with AES-128 server-side encryption.
• D. The data stored on Glacier is not encrypted by default.

Correct answer: B

Explanation

Amazon Glacier automatically encrypts all data at rest by default using 256-bit Advanced Encryption Standard (AES-256) cryptographic keys. Because this encryption is applied automatically to all stored archives, users do not need to manually enable encryption flags, which rules out options A and D. Option C is incorrect because Glacier utilizes the stronger AES-256 standard rather than AES-128.