What is a characteristic of Amazon S3 server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS)?

The correct option is the one stating that the customer can audit usage of the key. This accurately reflects a key feature of Amazon S3 server-side encryption with AWS Key Management Service keys (SSE-KMS).

When using SSE-KMS, customers retain a level of control and responsibility regarding the encryption keys. Specifically, AWS allows customers to create and manage their own customer master keys (CMKs) through the AWS Key Management Service. Because the keys are managed in AWS KMS, customers can track their usage via AWS CloudTrail, which records all API calls made on these keys. This audit trail lets customers see who accessed or used their encryption keys and when.

The ability to audit key usage is essential for maintaining security and compliance, because it lets organizations verify that their data encryption practices align with internal and external regulatory requirements. This transparency in key management is a significant benefit of using SSE-KMS, and understanding how keys are used is part of maintaining robust data security in AWS.