ExpertMedium1 markMultiple Choice
AWS SAP-C02 · Question 41 · Domain 1.2: Security Controls
A company has a strict regulatory requirement that all data stored in Amazon S3 must be encrypted using keys managed by the company, and the company must be able to immediately revoke access to the keys. Which encryption strategy should they use?
A company has a strict regulatory requirement that all data stored in Amazon S3 must be encrypted using keys managed by the company, and the company must be able to immediately revoke access to the keys. Which encryption strategy should they use?
Answer options:
A.
Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3).
B.
Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS).
C.
Server-Side Encryption with AWS KMS AWS Managed Keys (aws/s3).
D.
Client-Side Encryption using the AWS Encryption SDK.
How to approach this question
Identify the KMS key type that provides full customer control.
Full Answer
B.Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS).✓ Correct
AWS KMS Customer Managed Keys give you full control over the key, including the ability to disable or schedule deletion, which immediately revokes access to any data encrypted with it.
Common mistakes
Confusing AWS Managed Keys with Customer Managed Keys.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2
75 questions · hints · full answers · grading
More questions from this exam
Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...EasyQ02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...EasyQ03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...EasyQ04An architect needs to design a highly available database architecture that spans multiple AWS Reg...EasyQ05A global financial institution is migrating its core banking application to AWS. The application ...Medium