A company has a large number of datasets that are being sent over to S3 for storage. They want their Data science team to query the data using the AWS Athena service. There is the additional requirement for ensuring the data is encrypted at rest. When it comes to the encryption, the following are the key requirements
Custom Keys are used for encryption for one central data set
Generic Encryption is used for all other data sets
Which of the following would you use to fulfil this requirement? Choose 2 answers from the options given below.

Answer options:

A.S3 Server-side for the one central data set with S3 Managed Keys
B.S3 Server-side Encryption for the one central data set with KMS Managed Keys
C.S3 Server-side Encryption for the one central data set with client-side keys
D.S3 client-side Encryption for the one central data set with client-side keys
E.S3 Server-side for the other data sets with S3 Managed Keys
F.S3 Server-side for the other data sets with client-side Managed Keys

Answer – B and E
The AWS Documentation mentions the following
Athena supports the following Amazon S3 encryption options, both for encrypted datasets in Amazon S3 and for encrypted query results:
Server side encryption with an Amazon S3-managed key (SSE-S3)
Server-side encryption with a AWS KMS-managed key (SSE-KMS).
Client-side encryption with a AWS KMS-managed key (CSE-KMS)
Option A is incorrect since there is a requirement for custom keys to be used for the central data set
Options C ,D and F are incorrect since Athena does not support either option
For more information on encryption with Athena, please refer to the below URL
https://docs.aws.amazon.com/athena/latest/ug/encryption.html