A company needs to store confidential files on AWS. The company accesses the files every week. The company must encrypt the files by using envelope encryption, and the encryption keys must be rotated automatically. The company must have an audit trail to monitor encryption key usage.
Which combination of solutions will meet these requirements? (Select TWO.)
Amazon S3 is suitable for storing data that needs to be accessed weekly and integrates with AWS Key Management Service (KMS) to provide encryption at rest with server-side encryption using KMS-managed keys (SSE-KMS).
SSE-KMS uses envelope encryption and allows automatic key rotation and logging through AWS CloudTrail, satisfying the requirements for audit trails and compliance.
S3 Glacier Deep Archive is unsuitable because of its high retrieval latency. SSE-C requires the customer to manage the encryption keys, with no support for automatic rotation or auditing. SSE-S3 does not use customer-managed keys and lacks fine-grained control and auditing.