Correct answer - "SSE-KMS" : You have the option to create and manage encryption keys yourself,
or use a default key that is unique to you, the service you're using, and the region you're
working in.
"SSE-C" - When retrieving objects encrypted server-side with SSE-C, you must provide the same
encryption key as part of your request. Amazon S3 first verifies that the encryption key you
provided matches, and then decrypts the object before returning the object data to you
"Client Side Encryption" - Client side encryption is encrypting the data before sending to S3,
but your company is looking for server-side encryption
"SSE-S3" - With this option AWS encrypts the data at rest and handles the key