A Development team is working on a case management solution that allows medical claims to be processed and reviewed. Users log in to provide information related to their medical and financial situations. As part of the application, sensitive documents such as medical records, medical imaging, bank statements, and receipts are uploaded to Amazon S3. All documents must be securely transmitted and stored. All access to the documents must be recorded for auditing. What is the MOST secure approach?
A) Use S3 default encryption using Advanced Encryption Standard-256 (AES-256) on the destination bucket.
B) Use Amazon Cognito for authorization and authentication to ensure the security of the application and documents.
C) Use AWS Lambda to encrypt and decrypt objects as they are placed into the S3 bucket.
D) Use client-side encryption/decryption with Amazon S3 and AWS KMS.

Question

Quizplus · Accepted Answer

Client-side encryption/decryption with Amazon S3 and AWS KMS ensures that data is encrypted before it is uploaded to S3 and decrypted after it is downloaded, providing end-to-end encryption. This approach also allows for detailed access logging and auditing through AWS CloudTrail.

A Development Team Is Working on a Case Management Solution