Correct answer - "SSE-S3" : Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) :
Each object is encrypted with a unique key employing strong multi-factor encryption. As an
additional safeguard, it encrypts the key itself with a master key that it regularly rotates.
Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit
Advanced Encryption Standard (AES-256), to encrypt your data.
"SSE-C" - You manage the encryption keys and Amazon S3 manages the encryption, as it writes to
disks, and decryption, when you access your objects
"Client Side Encryption" - You can encrypt data client-side and upload the encrypted data to
Amazon S3. In this case, you manage the encryption process, the encryption keys, and related
tools
"SSE-KMS" - Similar to SSE-S3 and also provides you with an audit trail of when your key was used
and by whom. Additionally, you have the option to create and manage encryption keys yourself
For more information visit