AWS Certified SysOps Administrator SOA-C01 – Question467 In AWS KMS, which of the following is NOT a mode of server-side encryption that you can use to protect data at rest in Amazon S3? A. SSE-S3 B. SSE-K C. SSE-C D. SSE-KMS Show Answer Hide Answer Correct Answer: B Explanation: Explanation: You can protect data at rest in Amazon S3 by using three different modes of server-side encryption: SSES3, SSE-C, or SSE-KMS. Reference: http://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html