AWS - S3 Fundamentals
You want to enforce that all objects uploaded to an S3 bucket use SSE-KMS encryption with a specific KMS key. Which combination achieves this?
You want to enforce that all objects uploaded to an S3 bucket use SSE-KMS encryption with a specific KMS key. Which combination achieves this?
hard📝 Application Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Understand bucket default encryption settings
Bucket default encryption can be set to SSE-KMS with a specific KMS key ARN to enforce encryption.Step 2: Evaluate other options
SSE-S3 does not use KMS keys, client-side encryption is outside bucket control, and SSE-C does not use KMS keys.Final Answer:
Enable bucket default encryption with SSE-KMS and specify KMS key ARN -> Option DQuick Check:
Bucket default encryption + KMS key = enforced SSE-KMS [OK]
Quick Trick: Bucket default encryption with KMS key enforces SSE-KMS [OK]
Common Mistakes:
- Using SSE-S3 with KMS key ARN
- Thinking client-side encryption is enforced by bucket
- Confusing SSE-C with KMS key usage
Master "S3 Fundamentals" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes