DEA-C01 Domain 4: Data Security and Governance

What is the MOST appropriate AWS solution to encrypt data at rest in S3 and Redshift?

Multiple choice — select one answer

Answer choices

  1. a. Cost allocation tags on S3 buckets and jobs
  2. b. Amazon Macie
  3. c. S3 Object Lock and lifecycle policies
  4. d. SSE-KMS

Architectural breakdown & explanation

KMS provides auditable encryption keys.

Correct answer(s): d. SSE-KMS

Exam domain: Domain 4: Data Security and Governance (18% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Data Engineer – Associate bank. Run a full timed practice exam with domain-weighted random questions in your browser.