What is true about server-side encryption in Amazon S3 using customer-provided keys (SSE-C)?

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

With server-side encryption using customer-provided keys (SSE-C) in Amazon S3, the customer retains control of the keys. Customers are responsible for providing their own encryption keys whenever they upload or retrieve objects from Amazon S3. They therefore manage their encryption keys outside of Amazon's infrastructure and can implement their own key management practices.

SSE-C provides a higher level of security and compliance for those who require full control over their encryption keys: customers can rotate keys or establish specific access controls without relying on Amazon S3 to manage those keys. This required customer involvement in key management is the source of the flexibility and control the approach offers, and it distinguishes SSE-C from other server-side encryption methods, where AWS takes on the responsibility of key management.