A company wants to encrypt S3 objects using client-side encryption but also wants AWS to store encrypted objects. Which approach fits this requirement?

hard📝 Application Q9 of 15

AWS - S3 Fundamentals

AUse client-side encryption before upload; AWS stores encrypted data as-is

BUse SSE-S3 encryption only

CUse SSE-KMS with customer managed keys

DUse SSE-C with AWS managed keys

Step-by-Step Solution

Solution:

Step 1: Understand client-side encryption
Client-side encryption encrypts data before sending to AWS; AWS stores the encrypted blob without decrypting.
Step 2: Compare with server-side options
SSE-S3 and SSE-KMS encrypt data on AWS side; SSE-C requires customer keys but AWS decrypts and re-encrypts.
Final Answer:
Client-side encryption encrypts before upload; AWS stores encrypted data as-is -> Option A
Quick Check:
Client-side encryption = encrypt before upload [OK]

Quick Trick: Client-side encryption means AWS stores encrypted data unchanged [OK]

Common Mistakes:

Assuming SSE-C uses AWS managed keys
Confusing client-side with server-side encryption
Thinking AWS decrypts client-side encrypted data

Master "S3 Fundamentals" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More AWS Quizzes

A company wants to encrypt S3 objects using client-side encryption but also wants AWS to store encrypted objects. Which approach fits this requirement?

Step 1: Understand client-side encryption

Step 2: Compare with server-side options

Final Answer:

Quick Check:

Want More Practice?