Practice free →
HomeAWS Developer Associatecloudcomputingawsdevsecurity › An application must encrypt user-uploaded files …

An application must encrypt user-uploaded files in S3 with a key the customer controls (CMK rotation, audit, access policies). Which encryption mode satisfies this?

ANo encryption — rely on bucket policy
BClient-side encryption using a key stored in a public file
CServer-side encryption with KMS (SSE-KMS) using a customer-managed CMK
DSSE-S3 with AWS-managed keys only
Answer & Solution
Correct answer: C. Server-side encryption with KMS (SSE-KMS) using a customer-managed CMK
SSE-KMS with a customer-managed CMK gives full lifecycle control: rotation, key policies, audit via CloudTrail. SSE-S3 hides the keys entirely. No encryption / public keys fail the requirement.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions