Multiple Choice
A company needs to encrypt all of its data stored in Amazon S3. The company wants to use AWS Key Management Service (AWS KMS) to create and manage its encryption keys. The company's security policies require the ability to import the company's own key material for the keys, set an expiration date on the keys, and delete keys immediately, if needed. How should a security engineer set up AWS KMS to meet these requirements?
A) Configure AWS KMS and use a custom key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
B) Configure AWS KMS and use the default key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
C) Configure AWS KMS and use the default key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
D) Configure AWS KMS and use a custom key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
Correct Answer:
Verified
Correct Answer:
Verified
Q216: A company's security information events management (SIEM)
Q217: A distributed web application is installed across
Q218: The Security Engineer implemented a new vault
Q219: A company has Windows Amazon EC2 instances
Q220: The Security Engineer created a new AWS
Q222: A Security Administrator at a university is
Q223: Some highly sensitive analytics workloads are to
Q224: A company uses AWS Organization to manage
Q225: A Software Engineer is trying to figure
Q226: A company has an application that uses