A company has decided to use encryption in its AWS account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16,000 B to 5 MB. The requirements are as follows: The key material must be generated and stored in a certified Federal Information Processing Standard (FIPS) 140-2 Level 3 machine. The key material must be available in multiple Regions. Which option meets these requirements?
A) Use an AWS KMS customer managed key and store the key material in AWS with replication across Regions.
B) Use an AWS customer managed key, import the key material into AWS KMS using in-house AWS CloudHSM, and store the key material securely in Amazon S3.
C) Use an AWS KMS custom key store backed by AWS CloudHSM clusters, and copy backups across Regions.
D) Use AWS CloudHSM to generate the key material and backup keys across Regions. Use the Java Cryptography Extension (JCE) and Public Key Cryptography Standards #11 (PKCS #11) encryption libraries to encrypt and decrypt the data.
Correct Answer:
Verified
Q168: A Security Engineer accidentally deleted the imported
Q169: A company requires that SSH commands used
Q170: A company wants to encrypt the private
Q171: A Security Engineer is asked to update
Q172: A security engineer received an Amazon GuardDuty
Q174: A security engineer is setting up a
Q175: A Security Engineer creates an Amazon S3
Q176: Authorized Administrators are unable to connect to
Q177: A company's Security Engineer is copying all
Q178: A company has multiple AWS accounts that
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents