A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management. The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS. Which services satisfies these security requirements?
A) AWS CloudHSM with the CloudHSM client
B) AWS Key Management Service (AWS KMS) with AWS CloudHSM
C) AWS Key Management Service (AWS KMS) with an external key material origin
D) AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)
Correct Answer:
Verified
Q66: A company has a mobile chat application
Q67: A company runs a website on Amazon
Q68: An application is running on Amazon EC2
Q69: A company currently stores symmetric encryption keys
Q70: A company has an on-premises data center
Q72: A company recently launched its website to
Q73: A company running an on-premises application is
Q74: A company hosts its website on Amazon
Q75: A solutions architect is moving the static
Q76: A media company is evaluating the possibility
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents