Question 9:
Server-side encryption is about data encryption at rest. That is, Amazon S3 encrypts your data at the object level as it writes it to disk in its data centers and decrypts it for you when you go to access it. A few different options are depending on how you choose to manage the encryption keys. One of the options is called `Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)`. Which of the following best describes how this encryption method works?
Answer options:
A.There are separate permissions for the use of an envelope key (a key that protects your data`s encryption key) that provides added protection against unauthorized access of your objects in S3 and also provides you with an audit trail of when your key was used and by whom. B.Each object is encrypted with a unique key employing strong encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. C.You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disk, and decryption when you access your objects. D.A randomly generated data encryption key is returned from Amazon S3, which is used by the client to encrypt the object data.