S3 Encryption Flashcards Preview

A Cloud Guru - AWS SysOps Administrator Associate (2019) > S3 Encryption > Flashcards

Flashcards in S3 Encryption Deck (12)
1
Q

In what three states can data be encrypted?

A

In transit
At rest
Client side

2
Q

What protocols does in-transit encryption use?

A

SSL/TLS

3
Q

What does SSL stand for?

A

Secure Sockets Layer

4
Q

What does TLS stand for?

A

Transport Layer Security

5
Q

Where is data when it is “at rest”?

A

On the server, or “server-side”

6
Q

What three services does AWS provide so you can manage server-side encryption?

A

SSE-S3: S3 Managed Keys
SSE-KMS: AWS Key Management Service, Managed Keys
SSE-C: Server-Side Encryption with Customer-Provided Keys

7
Q

What is client-side encryption?

A

Encrypting objects prior to uploading them to S3

8
Q

If a file is to be encrypted at upload time, what parameter will be included in the request header?

A

x-amz-server-side-encryption

9
Q

What two x-amz-server-side-encryption options exist?

A

x-amz-server-side-encryption: AES256

x-amz-server-side-encryption: aws:kms

10
Q

To what does x-amz-server-side-encryption: AES256 refer?

A

SSE-S3

11
Q

To what does x-amz-server-side-encryption: aws:kms refer?

A

SSE-KMS

12
Q

How can you enforce the use of server-side encryption during a PUT request?

A

Bucket policy, or

Default encryption flag during bucket creation