Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS CSAA > S3 - Encryption > Flashcards

S3 - Encryption Flashcards

1
Q

What are the four methods for encrypting objects in Amazon S3?

A

Server-Side Encryption (SSE):

SSE-S3
SSE-KMS
SSE-C

Client-Side Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is SSE-S3, and how does it work?

A

Uses S3-managed keys (AES-256).
Keys are managed and owned by AWS.
To enable, set the header: “x-amz-server-side-encryption”: “AES256”.
Enabled by default for new buckets and objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is SSE-KMS, and how does it differ from SSE-S3?

A

Uses AWS Key Management Service (KMS) for encryption.
Offers user control over keys.
Keys are logged in AWS CloudTrail.
To enable, set the header: “x-amz-server-side-encryption”: “aws:kms”.
Requires KMS API calls, which count toward API quotas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is SSE-C, and what is unique about it?

A

Uses customer-provided encryption keys.
Keys are managed outside AWS and sent via HTTPS.
Amazon S3 discards the key after encryption.
HTTPS is mandatory for secure transmission.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is client-side encryption, and how does it work?

A

Encryption is performed by the client before uploading data to S3.
Clients manage the keys and encryption process.
Encrypted data is stored in S3 as-is.
Decryption occurs on the client side.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is encryption in transit, and why is it important?

A

Ensures secure data transmission between client and server using SSL/TLS.
Recommended to use HTTPS for secure connections.
Required for SSE-C encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How can you enforce encryption in transit for an S3 bucket?

A

Use a bucket policy to deny HTTP access. Set ‘SecureTransport’ to ‘False’ which requires HTTPS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the key advantages of SSE-KMS?

A

User control over encryption keys.
Logs key usage in CloudTrail.
Enhanced security by requiring access to both the object and the KMS key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the limitations of SSE-KMS?

A

Requires KMS API calls, which have rate limits (5,000–30,000 requests/second).
High throughput applications may encounter throttling.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can you force a specific type of encryption on an S3 bucket?

A

Use a bucket policy and state that any API calls without a specific encryption header will be rejected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Cross Origin Resource Sharing (CORS)?

A

It’s a mechanism that allows requests from one origin (e.g. a static web page) to access objects in another bucket. You must enable CORS on the second bucket.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

AWS CSAA (44 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions