ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 93 - DVA-C02 discussion

Report
Export

A developer is planning to migrate on-premises company data to Amazon S3. The data must be encrypted, and the encryption Keys must support automate annual rotation. The company must use AWS Key Management Service (AWS KMS) to encrypt the data.

When type of keys should the developer use to meet these requirements?

A.
Amazon S3 managed keys
Answers
A.
Amazon S3 managed keys
B.
Symmetric customer managed keys with key material that is generated by AWS
Answers
B.
Symmetric customer managed keys with key material that is generated by AWS
C.
Asymmetric customer managed keys with key material that generated by AWS
Answers
C.
Asymmetric customer managed keys with key material that generated by AWS
D.
Symmetric customer managed keys with imported key material
Answers
D.
Symmetric customer managed keys with imported key material
Suggested answer: B

Explanation:

The type of keys that the developer should use to meet the requirements is symmetric customer managed keys with key material that is generated by AWS. This way, the developer can use AWS Key Management Service (AWS KMS) to encrypt the data with a symmetric key that is managed by the developer. The developer can also enable automatic annual rotation for the key, which creates new key material for the key every year. The other options either involve using Amazon S3 managed keys, which do not support automatic annual rotation, or using asymmetric keys or imported key material, which are not supported by S3 encryption.

Reference: Using AWS KMS keys to encrypt S3 objects

asked 16/09/2024
Vishal Sahare
44 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first