A user has enabled versioning on an S3 bucket. The user is using server-side encryption for data at Rest. If the user is supplying his own keys for encryption SSE-C., which of the below mentioned statements is true?

Answer options:

A.The user should use the same encryption key for all versions of the same object.
B.It is possible to have different encryption keys for different versions of the same object.
C.AWS S3 does not allow the user to upload his own keys for server-side encryption.
D.The SSE-C does not work when versioning is enabled.

Answer: B
Option A is incorrect because ideally, you should use different encryption keys for different versions of objects and provide additional security.
Option B is CORRECT because using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys.
Option C is incorrect because AWS S3 allows users to provide their own encryption keys. If your bucket is versioning-enabled, each object version you upload using this feature can have its own encryption key. You are responsible for tracking which encryption key was used for which object version.
Option D is incorrect because SSE-C encryption works even if versioning is enabled.
For more information on client-side encryption, kindly refer to the below URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html