An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised. How can the CISO be assured that AWS KMS and Amazon S3 are addressing the concerns? (Choose two.)
A) There is no API operation to retrieve an S3 object in its encrypted form.
B) Encryption of S3 objects is performed within the secure boundary of the KMS service.
C) S3 uses KMS to generate a unique data key for each individual object.
D) Using a single master key to encrypt all data includes having a single place to perform audits and usage validation.
E) The KMS encryption envelope digitally signs the master key during encryption to prevent cryptographic wear-out.
Correct Answer:
Verified
Q266: A company uses AWS CodePipeline for its
Q267: Auditors for a health care company have
Q268: A Security Engineer has several thousand Amazon
Q269: An application has been written that publishes
Q270: A security engineer needs to build a
Q272: A public subnet contains two Amazon EC2
Q273: A security engineer has noticed an unusually
Q274: An application is running on an Amazon
Q275: A large government organization is moving to
Q276: A company is undergoing a layer 3
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents