Correct answer - "Enable SQS KMS encryption" : You can now choose to have SQS encrypt messages
stored in both Standard and FIFO queues using an encryption key provided by AWS Key Management
Service (KMS).
Incorrect:
"Use the SSL endpoint" - Our requirement demands encryption at rest. When dealing with SSL the
data is encrypted during transit but once at rest the data needs a way to be encrypted also
"Use Client side encryption" - For additional security, you can build your application to encrypt
messages before they are placed in a message queue but will require code change
"Change the IAM policy" - An IAM policy helps with access control but not forcing encryption