A company's data lake uses Amazon S3 and Amazon Athena. The company's security engineer has been asked to design an encryption solution that meets the company's data protection requirements. The encryption solution must work with Amazon S3 and keys managed by the company. The encryption solution must be protected in a hardware security module that is validated to Federal information Processing Standards (FIPS) 140-2 Level 3. Which solution meets these requirements?
A) Use client-side encryption with an AWS KMS customer-managed key implemented with the AWS Encryption SDK.
B) Use AWS CloudHSM to store the keys and perform cryptographic operations. Save the encrypted text in Amazon S3.
C) Use an AWS KMS customer-managed key that is backed by a custom key store using AWS CloudHSM.
D) Use an AWS KMS customer-managed key with the bring your own key (BYOK) feature to import a key stored in AWS CloudHSM.
Correct Answer:
Verified
Q234: An organizational must establish the ability to
Q235: A company uses HTTP Live Streaming (HLS)
Q236: A company plans to use custom AMIs
Q237: Two Amazon EC2 instances in different subnets
Q238: A security engineer noticed an anomaly within
Q240: A company's Chief Security Officer has requested
Q241: An ecommerce website was down for 1 hour
Q242: A company is hosting multiple applications within
Q243: Users report intermittent availability of a web
Q244: A company is using AWS Organizations to
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents