You are planning to use AWS Kinesis Data Streams for an application developed for a company. The company policy mandates that all data stored at rest should be encrypted.
How can you accomplish this in the easiest way for Kinesis Data Streams?

Answer options:

A.Use the SDK for Kinesis to encrypt the data before being stored at rest.
B.Enable server-side encryption for Kinesis Data Streams.
C.Enable client-side encryption for Kinesis Data Streams.
D.Use the AWS CLI to encrypt the data.

Answer: B
Options A is incorrect because this would involve too much effort for encrypting and decrypting the streams by using SDK.
Option B is CORRECT because server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it`s at rest by using an AWS KMS customer master key (CMK) you specify. Data is encrypted before it`s written to the Kinesis Data Stream storage layer and decrypted after it’s retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service. This allows you to meet strict regulatory requirements and enhance the security of your data.
Options C is incorrect because this would involve too much effort for encrypting and decrypting the streams by using client-side encryption.
Option D is incorrect since this is the same as encrypting the data before it reaches the Kinesis Data Stream which is not required as per the asks.
Reference:
https://docs.aws.amazon.com/streams/latest/dev/what-is-sse.html