🔥 3-day streak
AWS Certified Solutions Architect - Associate112 / 150
Question 112 of 150
A healthcare company stores patient records as objects in an Amazon S3 bucket. Compliance requires that every object be encrypted at rest using a customer managed KMS key, and that the security team be able to audit and control which principals can decrypt the data. The team wants to guarantee that any object uploaded — regardless of whether the client specified encryption headers — is automatically encrypted with the correct key. Which approach meets these requirements with the least operational overhead?
Reviewed for accuracy · Report an issueNext question →