{"id":363,"date":"2022-02-09T05:51:41","date_gmt":"2022-02-09T05:51:41","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question297\/"},"modified":"2022-02-09T05:51:41","modified_gmt":"2022-02-09T05:51:41","slug":"aws-certified-security-specialty-scs-c01-question297","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question297\/","title":{"rendered":"AWS Certified Security – Specialty SCS-C01 – Question297"},"content":{"rendered":"
A company has a PHP-based web application that uses Amazon S3 as an object store for user files. The S3 bucket that stores the files is configured for server-side encryption with S3 managed encryption keys (SSE-S3).
\nAccording to new security requirements, the company must control all encryption keys. Additionally, all objects in the S3 bucket must be encrypted by a key that the company controls.
\nWhich combination of steps must a security engineer take to meet these requirements? (Choose three.)

A.<\/strong> Create a new-customer managed CMK in AWS Key Management Service (AWS KMS).
B.<\/strong> Change the SSE-S3 configuration on the S3 bucket to server-side encryption with customer-provided encryption keys (SSE-C).
C.<\/strong> Configure the PHP SDK to use the SSE-S3 key to encrypt the data before the data is uploaded to Amazon S3.
D.<\/strong> Create an AWS managed CMK for Amazon S3 in AWS Key Management Service (AWS KMS).
E.<\/strong> Change the SSE-S3 configuration on the S3 bucket to server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
F.<\/strong> Change all the S3 objects in the bucket to use the new encryption key.<\/div>\n

<\/p>\n