A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises.
Which solution should the Architect use to meet the security requirements?
A. AWS CloudHSM
B. SSE-KMS: Server-side encryption with AWS KMS managed keys
C. SSE-S3: Server-side encryption with Amazon-managed master key
D. SSE-C: Server-side encryption with customer-provided encryption keys