Free AWS DVA-C02 Actual Exam Questions - Question 6 Discussion
Question No. 6
A social media company is designing a platform that allows users to upload data, which is stored in
Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that
only the company can decrypt the uploaded content using an asymmetric encryption key. The data
must always be encrypted in transit and at rest.
Options:
Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that
only the company can decrypt the uploaded content using an asymmetric encryption key. The data
must always be encrypted in transit and at rest.
Options:
Select one option, then reveal solution.
US
AY
Andre Y.
2026-02-15
Not A, since SSE-S3 uses symmetric keys managed by AWS, which doesn’t guarantee only the company can decrypt. They need control over the keys, so server-side with AWS-managed keys won’t meet that requirement.
0
AY
Andre Y.
2026-02-12
Maybe D fits best since client-side encryption with a customer-managed key means the company controls the decryption keys, matching the asymmetric requirement better than server-side options.
0
EE
Ethan E.
2026-01-16
Option C seems right since S3 Object Lambda is designed to modify data on the fly when accessed. The other options don’t really fit the use case here. Anyone else confused about A and B?
0