A company’s application runs on Amazon EC2 and stores data in an Amazon S3 bucket The company wants additional security controls in place to limit the likelihood of accidental exposure of data to external parties.
Which combination of actions will meet this requirement? (Select THREE.)
A . Encrypt the data in Amazon S3 using server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
B . Encrypt the data in Amazon S3 using server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
C . Create a new Amazon S3 VPC endpoint and modify the VPC’s routing tables to use the new endpoint
D . Use the Amazon S3 Block Public Access feature.
E . Configure the bucket policy to allow access from the application instances only
F . Use a NACL to filter traffic to Amazon S3
Answer: B,C,E