An online retail company uses Amazon Redshift to store historical sales transactions. The company is required to encrypt data at rest in the clusters to comply with the Payment Card Industry Data Security Standard (PCI DSS) . A corporate governance policy mandates management of encryption keys using an on-premises hardware security module (HSM) . Which solution meets these requirements?
A) Create and manage encryption keys using AWS CloudHSM Classic. Launch an Amazon Redshift cluster in a VPC with the option to use CloudHSM Classic for key management.
B) Create a VPC and establish a VPN connection between the VPC and the on-premises network. Create an HSM connection and client certificate for the on-premises HSM. Launch a cluster in the VPC with the option to use the on-premises HSM to store keys.
C) Create an HSM connection and client certificate for the on-premises HSM. Enable HSM encryption on the existing unencrypted cluster by modifying the cluster. Connect to the VPC where the Amazon Redshift cluster resides from the on-premises network using a VPN.
D) Create a replica of the on-premises HSM in AWS CloudHSM. Launch a cluster in a VPC with the option to use CloudHSM to store keys.
Correct Answer:
Verified
Q93: A company is building a service to
Q94: A retail company leverages Amazon Athena for
Q95: A company has a marketing department and
Q96: A company has an encrypted Amazon Redshift
Q97: A telecommunications company is looking for an
Q99: A data analyst is designing an Amazon
Q100: A streaming application is reading data from
Q101: A hospital uses wearable medical sensor devices
Q102: A software company hosts an application on
Q103: A company wants to run analytics on
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents