Multiple Choice
An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised. How can the CISO be assured that AWS KMS and Amazon S3 are addressing the concerns? (Choose two.)
A) There is no API operation to retrieve an S3 object in its encrypted form.
B) Encryption of S3 objects is performed within the secure boundary of the KMS service.
C) S3 uses KMS to generate a unique data key for each individual object.
D) Using a single master key to encrypt all data includes having a single place to perform audits and usage validation.
E) The KMS encryption envelope digitally signs the master key during encryption to prevent cryptographic wear-out.
Correct Answer:
Verified
Correct Answer:
Verified
Q171: A company has developed a new Amazon
Q172: While analyzing a company's security solution, a
Q173: The Security Engineer is given the following
Q174: A Security Engineer is setting up an
Q175: A Security Engineer must design a system
Q177: A company is developing a highly resilient
Q178: A company is hosting a web application
Q179: Two Amazon EC2 instances in different subnets
Q180: An application has been built with Amazon
Q181: An Application Developer is using an AWS