A company has an application that uses an Amazon S3 bucket for object storage. A developer needs to configure in-transit encryption for the S3 bucket. All the S3 objects containing personal data needs to be encrypted at rest with AWS Key Management Service (AWS KMS) keys, which can be rotated on demand. Which combination of steps will meet these requirements? (Choose two.)

Topic #: - All AWS Certified Developer - Associate DVA-C02 Questions

A. Write an S3 bucket policy to allow only encrypted connections over HTTPS by using permissions boundary.
B. Configure an S3 bucket policy to enable client-side encryption for the objects containing personal data by using an AWS KMS customer managed key.
C. Configure the application to encrypt the objects by using an AWS KMS customer managed key before uploading the objects containing personal data to Amazon S3.
D. Write an S3 bucket policy to allow only encrypted connections over HTTPS by using the aws:SecureTransport condition.
E. Configure S3 Block Public Access settings for the S3 bucket to allow only encrypted connections over HTTPS.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion