SCS-C02 Domain 5: Data Protection

After a design review, leadership requires the team to encrypt S3 with CMKs. Which approach is MOST reliable? encrypt S3 with CMKs.

Multiple choice — select one answer

Answer choices

  1. a. Automatic annual rotation in KMS
  2. b. Amazon Macie
  3. c. TLS 1.2+ on ALB/API and s3:// policies
  4. d. SSE-KMS

Architectural breakdown & explanation

CMKs give customer control and audit via KMS.

Correct answer(s): d. SSE-KMS

Exam domain: Domain 5: Data Protection (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.