Multiple Choice
A company has decided to migrate sensitive documents from on-premises data centers to Amazon S3. Currently, the hard drives are encrypted to meet a compliance requirement regarding data encryption. The CISO wants to improve security by encrypting each file using a different key instead of a single key. Using a different key would limit the security impact of a single exposed key. Which of the following requires the LEAST amount of configuration when implementing this approach?
A) Place each file into a different S3 bucket. Set the default encryption of each bucket to use a different AWS KMS customer managed key.
B) Put all the files in the same S3 bucket. Using S3 events as a trigger, write an AWS Lambda function to encrypt each file as it is added using different AWS KMS data keys.
C) Use the S3 encryption client to encrypt each file individually using S3-generated data keys
D) Place all the files in the same S3 bucket. Use server-side encryption with AWS KMS-managed keys (SSE-KMS) to encrypt the data
Correct Answer:
Verified
Correct Answer:
Verified
Q231: An application uses Amazon Cognito to manage
Q232: A company is collecting AWS CloudTrail log
Q233: An application has been built with Amazon
Q234: A Developer signed in to a new
Q235: A large company wants its Compliance team
Q237: A company's Developers plan to migrate their
Q238: A Security Engineer has been asked to
Q239: A company stores images for a website
Q240: A company has decided to use encryption
Q241: A company is operating an open-source software