A company has decided to migrate sensitive documents from on-premises data centers to Amazon S3. Currently, the hard drives are encrypted to meet a compliance requirement regarding data encryption. The CISO wants to improve security by encrypting each file using a different key instead of a single key. Using a different key would limit the security impact of a single exposed key. Which of the following requires the LEAST amount of configuration when implementing this approach?
A) Place each file into a different S3 bucket. Set the default encryption of each bucket to use a different AWS KMS customer managed key.
B) Put all the files in the same S3 bucket. Using S3 events as a trigger, write an AWS Lambda function to encrypt each file as it is added using different AWS KMS data keys.
C) Use the S3 encryption client to encrypt each file individually using S3-generated data keys
D) Place all the files in the same S3 bucket. Use server-side encryption with AWS KMS-managed keys (SSE-KMS) to encrypt the data
Correct Answer:
Verified
Q86: A company has an encrypted Amazon S3
Q87: An Application team has requested a new
Q88: A Security Administrator is restricting the capabilities
Q89: A company's Developers plan to migrate their
Q90: A Security Engineer manages AWS Organizations for
Q92: A Development team has built an experimental
Q93: A company became aware that one of
Q94: An Amazon EC2 instance is denied access
Q95: A Security Engineer signed in to the
Q96: Auditors for a health care company have
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents