Multiple Choice
The company Security team requires that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys. Which of the following architectures will meet these requirements? (Choose two.)
A) Use Amazon S3 server-side encryption with Amazon S3-managed keys. Allow Amazon S3 to generate an AWS/S3 master key, and use IAM to control access to the data keys that are generated.
B) Use Amazon S3 server-side encryption with AWS KMS-managed keys, create multiple customer master keys, and use key policies to control access to them.
C) Use Amazon S3 server-side encryption with customer-managed keys, and use AWS CloudHSM to manage the keys. Use CloudHSM client software to control access to the keys that are generated.
D) Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use the CloudHSM client software to control access to the keys that are generated.
E) Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use IAM to control access to the keys that are generated in CloudHSM.
Correct Answer:
Verified
Correct Answer:
Verified
Q768: A company has five physical data centers
Q769: In DynamoDB, "The data is eventually consistent"
Q770: A company has a policy that all
Q771: A Solutions Architect must create a cost-effective
Q772: A user has configured an EC2 instance
Q774: You must architect the migration of a
Q775: A company is designing a new highly
Q776: When using the AWS CLI for AWS
Q777: In DynamoDB, a projection is_.<br>A) systematic transformation
Q778: A company is running an application distributed