You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?
A client of yours has a huge amount of data stored on Amazon S3, but is concerned about someone stealing it while it is in transit.
You know that all data is encrypted in transit on AWS, but which of the following is wrong when describing server-side encryption on AWS?
A . Amazon S3 server-side encryption employs strong multi-factor encryption.
B . Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
C . In server-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools.
D . Server-side encryption is about data encryption at rest―that is, Amazon S3 encrypts your data as it writes it to disks.
Answer: C
Explanation:
Amazon S3 encrypts your object before saving it on disks in its data centers and decrypts it when you download the objects. You have two options depending on how you choose to manage the encryption keys: Server-side encryption and client-side encryption.
Server-side encryption is about data encryption at rest―that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects. Amazon S3 manages encryption and decryption for you. For example, if you share your objects using a pre-signed URL, that URL works the same way for both encrypted and unencrypted objects.
In client-side encryption, you manage encryption/decryption of your data, the encryption keys, and related tools. Server-side encryption is an alternative to client-side encryption in which Amazon S3 manages the encryption of your data, freeing you from the tasks of managing encryption and encryption keys.
Amazon S3 server-side encryption employs strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
Latest AWS-Solution-Architect-Associate Dumps Valid Version with 986 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund