{"id":143,"date":"2021-01-04T08:10:27","date_gmt":"2021-01-04T08:10:27","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question136\/"},"modified":"2021-01-04T08:10:27","modified_gmt":"2021-01-04T08:10:27","slug":"aws-certified-security-specialty-scs-c01-question136","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question136\/","title":{"rendered":"AWS Certified Security – Specialty SCS-C01 – Question136"},"content":{"rendered":"
A company has decided to migrate sensitive documents from on-premises data centers to Amazon S3. Currently, the hard drives are encrypted to meet a compliance requirement regarding data encryption. The CISO wants to improve security by encrypting each file using a different key instead of a single key. Using a different key would limit the security impact of a single exposed key.
\nWhich of the following requires the LEAST amount of configuration when implementing this approach?

A.<\/strong> Place each file into a different S3 bucket. Set the default encryption of each bucket to use a different AWS KMS customer managed key.
B.<\/strong> Put all the files in the same S3 bucket. Using S3 events as a trigger, write an AWS Lambda function to encrypt each file as it is added using different AWS KMS data keys.
C.<\/strong> Use the S3 encryption client to encrypt each file individually using S3-generated data keys
D.<\/strong> Place all the files in the same S3 bucket. Use server-side encryption with AWS KMS-managed keys (SSE-KMS) to encrypt the data<\/div>\n

<\/p>\n