An application has a requirement to be resilient across not only Availability Zones within the application's primary region but also be available within another region altogether. Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?
A) Copy the application's AWS KMS CMK from the source region to the target region so that it can be used to decrypt the resource after it is copied to the target region.
B) Configure AWS KMS to automatically synchronize the CMK between regions so that it can be used to decrypt the resource in the target region.
C) Use AWS services that replicate data across regions, and re-wrap the data encryption key created in the source region by using the CMK in the target region so that the target region's CMK can decrypt the database encryption key.
D) Configure the target region's AWS service to communicate with the source region's AWS KMS so that it can decrypt the resource in the target region.
Correct Answer:
Verified
Q1: A Security Administrator is performing a log
Q2: During a recent internal investigation, it was
Q3: A Security Engineer has created an Amazon
Q4: An organization wants to deploy a three-tier
Q6: A Security Engineer must design a solution
Q7: A Security Administrator has a website hosted
Q8: A water utility company uses a number
Q9: A threat assessment has identified a risk
Q10: An organization has a system in AWS
Q11: An organization policy states that all encryption
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents