SAA-C03 Domain 3: Design Secure Architectures

What is the MOST appropriate AWS solution to encrypt data at rest in S3 with customer-managed keys?

Multiple choice — select one answer

Answer choices

  1. a. SSE-KMS on Amazon S3
  2. b. AWS IAM with MFA
  3. c. AWS WAF
  4. d. VPC interface endpoints (AWS PrivateLink)

Architectural breakdown & explanation

SSE-KMS integrates with AWS KMS for key control.

Correct answer(s): a. SSE-KMS on Amazon S3

Exam domain: Domain 3: Design Secure Architectures (24% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Solutions Architect – Associate bank. Run a full timed practice exam with domain-weighted random questions in your browser.