AWS Certified Developer Associate (#118)

A Developer wants to encrypt new objects that are being uploaded to an Amazon S3 bucket by an application. There must be an audit trail of who has used the key during this process. There should be no change to the performance of the application. Which type of encryption meets these requirements?

Server-side encryption using S3-managed keys
Server-side encryption with AWS KMS-managed keys
Client-side encryption with a client-side symmetric master key
Client-side encryption with AWS KMS-managed keys