Correct answer - "SSE-C" : Using server-side encryption with customer-provided encryption keys
(SSE-C) allows you to set your own encryption keys. With the encryption key you provide as part
of your request, Amazon S3 manages both the encryption, as it writes to disks, and decryption,
when you access your objects.
Incorrect:
"SSE-KMS" - You can create your own keys using this service but its a bit more advanced
"Client Side Encryption" - The data is encrypted on the client side and is encrypted at rest but
to download the file again, the client must decrypt it