Q87 — AWS DEA-C01 Ch.1

Question 87 of 100 | ← Chapter 1

A company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption. Which solution will meet these requirements?

Correct Answer: B. Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).

Explanation

为满足公司对数据湖的两层服务器端加密要求,选项B中的使用带有AWSKMS密钥的双层服务器端加密(DSSE-KMS)是专门针对此需求的解决方案。其他选项:A选项的使用方式并非针对两层加密;C选项的客户提供密钥的服务器端加密在上传前不符合使用AWSLambda函数的要求;D选项的单一服务器端加密不符合两层加密的需求。所以,正确答案是B。