AWS Certified SysOps Administrator SOA-C01 – Question 466

Amazon S3 provides a number of security features for protection of data at rest, which you can use or not, depending on your threat profile. What feature of S3 allows you to create and manage your own encryption keys for sending data?

A. Client-side Encryption
B. Network traffic protection
C. Data integrity compromise
D. Server-side Encryption

Correct Answer: A

Explanation:

With client-side encryption you create and manage your own encryption keys. Keys you create are not exported to AWS in clear text. Your applications encrypt data before submitting it to Amazon S3, and decrypt data after receiving it from Amazon S3. Data is stored in an encrypted form, with keys and algorithms only known to you. While you can use any encryption algorithm, and either symmetric or asymmetric keys to encrypt the data, the AWS-provided Java SDK offers Amazon S3 client-side encryption features.

Reference: https://d0.awsstatic.com/whitepapers/aws-security-best-practices.pdf