AWS Certified SysOps Administrator – Associate (legacy) — Question 802

Amazon S3 provides a number of security features for protection of data at rest, which you can use or not, depending on your threat profile. What feature of S3 allows you to create and manage your own encryption keys for sending data?

Answer options

• A. Client-side Encryption
• B. Network traffic protection
• C. Data integrity compromise
• D. Server-side Encryption

Correct answer: A

Explanation

Client-side Encryption allows you to encrypt data locally before uploading it to Amazon S3, giving you absolute control over the creation and management of your encryption keys. In contrast, Server-side Encryption delegates the encryption process and key management (or usage) to AWS at the storage level. Network traffic protection focuses on securing data in transit rather than managing keys for data at rest, and data integrity compromise is a risk rather than a security feature.