Multiple Choice
A company's data lake uses Amazon S3 and Amazon Athena. The company's security engineer has been asked to design an encryption solution that meets the company's data protection requirements. The encryption solution must work with Amazon S3 and keys managed by the company. The encryption solution must be protected in a hardware security module that is validated to Federal information Processing Standards (FIPS) 140-2 Level 3. Which solution meets these requirements?
A) Use client-side encryption with an AWS KMS customer-managed key implemented with the AWS Encryption SDK.
B) Use AWS CloudHSM to store the keys and perform cryptographic operations. Save the encrypted text in Amazon S3.
C) Use an AWS KMS customer-managed key that is backed by a custom key store using AWS CloudHSM.
D) Use an AWS KMS customer-managed key with the bring your own key (BYOK) feature to import a key stored in AWS CloudHSM.
Correct Answer:
Verified
Correct Answer:
Verified
Q25: A company has multiple production AWS accounts.
Q26: A company needs to retain log data
Q27: A company had one of its Amazon
Q28: A company uses HTTP Live Streaming (HLS)
Q29: A company is implementing a new application
Q31: A company has five AWS accounts and
Q32: A company recently experienced a DDoS attack
Q33: A company plans to move most of
Q34: A company uses an AWS Key Management
Q35: A company plans to use custom AMIs