A Developer who is following AWS best practices for secure code development requires an application to encrypt sensitive data to be stored at rest, locally in the application, using AWS KMS. What is the simplest and MOST secure way to decrypt this data when required?
A) Request KMS to provide the stored unencrypted data key and then use the retrieved data key to decrypt the data.
B) Keep the plaintext data key stored in Amazon DynamoDB protected with IAM policies. Query DynamoDB to retrieve the data key to decrypt the data
C) Use the Encrypt API to store an encrypted version of the data key with another customer managed key. Decrypt the data key and use it to decrypt the data when required.
D) Store the encrypted data key alongside the encrypted data. Use the Decrypt API to retrieve the data key to decrypt the data when required.
Correct Answer:
Verified
Q39: An application has been written that publishes
Q40: A Security Engineer has been asked to
Q41: A Development team has asked for help
Q42: The Security Engineer is managing a traditional
Q43: Some highly sensitive analytics workloads are to
Q45: A company runs an application on AWS
Q46: A Systems Administrator has written the following
Q47: A Security Analyst attempted to troubleshoot the
Q48: An organization operates a web application that
Q49: An application has been built with Amazon
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents