Multiple Choice
Due to new compliance requirements, a Security Engineer must enable encryption with customer-provided keys on corporate data that is stored in DynamoDB. The company wants to retain full control of the encryption keys. Which DynamoDB feature should the Engineer use to achieve compliance'?
A) Use AWS Certificate Manager to request a certificate. Use that certificate to encrypt data prior to uploading it to DynamoDB.
B) Enable S3 server-side encryption with the customer-provided keys. Upload the data to Amazon S3, and then use S3Copy to move all data to DynamoDB
C) Create a KMS master key. Generate per-record data keys and use them to encrypt data prior to uploading it to DynamoDS. Dispose of the cleartext and encrypted data keys after encryption without storing.
D) Use the DynamoDB Java encryption client to encrypt data prior to uploading it to DynamoDB.
Correct Answer:
Verified
Correct Answer:
Verified
Q200: A company stores data on an Amazon
Q201: A water utility company uses a number
Q202: A public subnet contains two Amazon EC2
Q203: A corporate cloud security policy states that
Q204: A company's database developer has just migrated
Q206: A company plans to use custom AMIs
Q207: A company wants to control access to
Q208: A company had one of its Amazon
Q209: A Security Engineer must design a solution
Q210: The AWS Systems Manager Parameter Store is