S3 Encryption

Question 1

What three states can data be encrypted?

Answer 1

In transit
At rest
Client side

Question 2

What protocols do in transit encryption use?

Answer 2

SSL/TLS

Question 3

What does SSL stand for?

Answer 3

Secure Socket Layer

Question 4

What does TLS stand for?

Answer 4

Transport Layer Security

Question 5

Where is data when it is “at rest”?

Answer 5

on the server, or “server-side”

Question 6

What three services does AWS provide so can you manage server-side encryption?

Answer 6

SSE-S3: S3 Managed Keys
SSE-KMS: AWS Key Management Service, Managed Keys
SSE-C: Server-Side encryption with customer-provided keys

Question 7

What is client-side encryption?

Answer 7

This is encrypting objects prior to uploading them to S3

Question 8

If a file is to be encrypted at upload time, what parameter will be included in the request header?

Answer 8

x-amz-server-side-encryption

Question 9

What two x-amz-server-side-encryption options exist?

Answer 9

x-amz-server-side-encryption: AES256

x-amz-server-side-encryption: ams:kms

Question 10

To what does x-amz-server-side-encryption: AES256 refer

Answer 10

SSE-S3

Question 11

To what does x-amz-server-side-encryption: ams:kms refer

Answer 11

SSE-KMS

Question 12

How can you enforce the use of server-side-encryption during a PUT request?

Answer 12

Bucket policy or;

Default encryption flag during bucket creation