AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An enterprise in the financial sector is planning to transition its customer-facing applications onto a cloud platform. Regulations in their industry require that all sensitive customer information be encrypted when stored. What approach should the architect recommend to ensure this enterprise's storage solution meets these encryption requirements?
Implement server-side encryption on object storage utilizing a managed key service.
Implement Secure Shell (SSH) for file transfers to the object storage to enable encryption for stored data.
Adopt client-side encryption practices before transferring data to the chosen cloud-based object storage.
Introduce multi-factor authentication for data access operations within the object storage service.
When dealing with sensitive customer information, especially within the financial sector, ensuring data is encrypted at rest is crucial to meet industry compliance standards. Using server-side encryption with managed keys ensures the data is automatically encrypted before being saved to the storage solution and decrypted only when accessed by an authorized request. This method provides robust security that is compliant with regulations without imposing the significant overhead and complexity that comes with managing the encryption process on the client's side. While using other methods like SSH for file transfers or enabling multi-factor authentication provides a layer of security for data in transit or access control, they do not meet the requirement for encryption at rest on the storage platform.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is server-side encryption and how does it work?
Open an interactive chat with Bash
What is a managed key service and why is it important?