ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 179 - SCS-C01 discussion

Report
Export

Which of the following is the most efficient way to automate the encryption of AWS CloudTrail logs using a Customer Master Key (CMK) in AWS KMS?

A.
Use the KMS direct encrypt function on the log data every time a CloudTrail log is generated.
Answers
A.
Use the KMS direct encrypt function on the log data every time a CloudTrail log is generated.
B.
Use the default Amazon S3 server-side encryption with S3-managed keys to encrypt and decrypt the CloudTrail logs.
Answers
B.
Use the default Amazon S3 server-side encryption with S3-managed keys to encrypt and decrypt the CloudTrail logs.
C.
Configure CloudTrail to use server-side encryption using KMS-managed keys to encrypt and decrypt CloudTrail logs.
Answers
C.
Configure CloudTrail to use server-side encryption using KMS-managed keys to encrypt and decrypt CloudTrail logs.
D.
Use encrypted API endpoints so that all AWS API calls generate encrypted CloudTrail log entries using the TLS certificate from the encrypted API call.
Answers
D.
Use encrypted API endpoints so that all AWS API calls generate encrypted CloudTrail log entries using the TLS certificate from the encrypted API call.
Suggested answer: C

Explanation:

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

asked 16/09/2024
Jonas Weimar
45 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first