Due to new compliance requirements, a Security Engineer must enable encryption with customer-provided keys on corporate data that is stored in DynamoDB. The company wants to retain full control of the encryption keys. Which DynamoDB feature should the Engineer use to achieve compliance'?
A) Use AWS Certificate Manager to request a certificate. Use that certificate to encrypt data prior to uploading it to DynamoDB.
B) Enable S3 server-side encryption with the customer-provided keys. Upload the data to Amazon S3, and then use S3Copy to move all data to DynamoDB
C) Create a KMS master key. Generate per-record data keys and use them to encrypt data prior to uploading it to DynamoDS. Dispose of the cleartext and encrypted data keys after encryption without storing.
D) Use the DynamoDB Java encryption client to encrypt data prior to uploading it to DynamoDB.
Correct Answer:
Verified
Q106: A Security Engineer is trying to determine
Q107: An AWS account includes two S3 buckets:
Q108: A company's database developer has just migrated
Q109: A security alert has been raised for
Q110: What is the function of the following
Q112: During a recent security audit, it was
Q113: The Information Technology department has stopped using
Q114: A company has a forensic logging use
Q115: A Security Engineer has been asked to
Q116: A company has multiple VPCs in their
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents