Multiple Choice
A large government organization is moving to the cloud and has specific encryption requirements. The first workload to move requires that a customer's data be immediately destroyed when the customer makes that request. Management has asked the security team to provide a solution that will securely store the data, allow only authorized applications to perform encryption and decryption, and allow for immediate destruction of the data. Which solution will meet these requirements?
A) Use AWS Secrets Manager and an AWS SDK to create a unique secret for the customer-specific data.
B) Use AWS Key Management Service (AWS KMS) and the AWS Encryption SDK to generate and store a data encryption key for each customer.
C) Use AWS Key Management Service (AWS KMS) with service-managed keys to generate and store customer-specific data encryption keys.
D) Use AWS Key Management Service (AWS KMS) and create an AWS CloudHSM custom key store. Use CloudHSM to generate and store a new CMK for each customer.
Correct Answer:
Verified
Correct Answer:
Verified
Q162: A Security Engineer is trying to determine
Q163: A company has a forensic logging use
Q164: A Security Engineer who was reviewing AWS
Q165: A Security Engineer is asked to update
Q166: A company is storing data in Amazon
Q168: An organization wants to deploy a three-tier
Q169: A security engineer noticed an anomaly within
Q170: The Development team receives an error message
Q171: A company has developed a new Amazon
Q172: While analyzing a company's security solution, a