A Security Engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys. Which solution meets these requirements?
A) Use AWS KMS with AWS managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 to remove the keys if necessary.
B) Use KMS with AWS imported key material and then use the DeletelmportedKeyMaterial API to remove the key material if necessary.
C) Use AWS CloudHSM to store the keys and then use the CloudHSM API or the PKCS11 library to delete the keys if necessary.
D) Use the Systems Manager Parameter Store to store the keys and then use the service API operations to delete the key if necessary.
Correct Answer:
Verified
Q72: An application uses Amazon Cognito to manage
Q73: An Amazon S3 bucket is encrypted using
Q74: A Security Engineer is working with a
Q75: The Accounting department at Example Corp. has
Q76: A company uses identity federation to authenticate
Q78: To meet regulatory requirements, a Security Engineer
Q79: A company's security policy requires that VPC
Q80: An AWS Lambda function was misused to
Q81: A company is developing a highly resilient
Q82: A recent security audit found that AWS
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents