A company is planning on using AWS Kinesis firehose to stream their log files onto S3. They need to ensure that source data stream for firehorse is encrypted. How can they achieve this? Choose 2 options

Answer options:

A.Use Kinesis data streams as a source.
B.Enable encryption at rest in Kinesis Firehose
C.Enable server-side encryption for S3 using AWS Managed Keys
D.Enable server-side encryption for S3 using KMS Keys

Answer – A and B
The AWS Documentation mentions the following
If you have sensitive data, you can enable server-side data encryption when you use Amazon Kinesis Data Firehose. But you can only do this if you use a Kinesis data stream as your data source. When you configure a Kinesis data stream as the data source of a Kinesis Data Firehose delivery stream, Kinesis Data Firehose no longer stores the data at rest. Instead, the data is stored in the data stream.
When you send data from your data producers to your Kinesis data stream, Kinesis Data Streams encrypts your data using an AWS KMS key before storing it at rest. When your Kinesis Data Firehose delivery stream reads the data from your Kinesis stream, Kinesis Data Streams first decrypts the data and then sends it to Kinesis Data Firehose.
Options C and D are incorrect since the encryption needs to be done at the stream level as per the requirement
For more information on Firehose encryption, please visit the url
https://docs.aws.amazon.com/firehose/latest/dev/encryption.html