Correct answers - "KMS encryption for data at rest & Encryption in flight with HTTPS
endpoint" : Server-side encryption is a feature in Amazon Kinesis Data Streams that
automatically encrypts data before it's at rest by using an AWS KMS customer master key (CMK)
you specify. Data is encrypted before it's written to the Kinesis stream storage layer, and
decrypted after it's retrieved from storage. As a result, your data is encrypted at rest within
the Kinesis Data Streams service. Also the HTTPS protocol ensures that data inflight is
encrypted as well.
Incorrect:
"SSE-C encryption" - SSE-C is functionality in Amazon S3 where you encrypt your data, on your
behalf, using keys that you provide. With Kinesis Streams you can choose to encrypt the data
yourself to a data stream