CLF-C02 Domain 2: Security and Compliance

Encryption of data at rest on Amazon S3 is often implemented using:

Multiple choice — select one answer

Answer choices

  1. a. Route 53 health checks, while leaving refresh tokens and OAuth consent grants active pending user callback, without security or identity team coordination per policy.
  2. b. S3 server-side encryption with KMS or S3-managed keys
  3. c. Resources shared with external entities, without preserving cloud audit logs or hunting mailbox rules and delegate permissions, without security or identity team coordination per policy.
  4. d. Creating and managing encryption keys, using password reset alone and deferring session revocation until the next business day

Architectural breakdown & explanation

S3 supports SSE-S3, SSE-KMS, and client-side encryption options.

Correct answer(s): b. S3 server-side encryption with KMS or S3-managed keys

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.