A user has enabled versioning on an S3 bucket. The user is using server-side encryption for data at rest. If the
user is supplying his own keys for encryption (SSE-C), what is recommended to the user for the purpose of
security?

A. The user should not use his own security key as it is not secure
B. Configure S3 to rotate the user’s encryption key at regular intervals
C. Configure S3 to store the user’s keys securely with SSL
D. Keep rotating the encryption key manually at the client side
Explanation:
AWS S3 supports client-side or server-side encryption to encrypt all data at rest. With server-side encryption,
S3 can either use its own AES-256 encryption key, or the user can supply his own encryption key by sending it
along with each API call (SSE-C). Since S3 does not store the encryption keys in SSE-C, it is
recommended that the user manage the keys securely and keep rotating them regularly at the client side.
Important
Amazon S3 will reject any requests made over http when using SSE-C. For security considerations, we recommend you consider any key you send erroneously using http to be compromised. You should discard the key, and rotate as appropriate.
D. Keep rotating the encryption key manually at the client side
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
I am torn between C and D but storing the key on s3 itself raises alarm
d
D