DBS-C01 · Question #167
DBS-C01 Question #167: Real Exam Question with Answer & Explanation
The correct answer is D: AWS Key Management Service (AWS KMS) CMK with customer-provided material. https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and- customer-managed-cmks.html
Question
A financial services company uses Amazon RDS for Oracle with Transparent Data Encryption (TDE). The company is required to encrypt its data at rest at all times. The key required to decrypt the data has to be highly available, and access to the key must be limited. As a regulatory requirement, the company must have the ability to rotate the encryption key on demand. The company must be able to make the key unusable if any potential security breaches are spotted. The company also needs to accomplish these tasks with minimum overhead. What should the database administrator use to set up the encryption to meet these requirements?
Options
- AAWS CloudHSM
- BAWS Key Management Service (AWS KMS) with an AWS managed key
- CAWS Key Management Service (AWS KMS) with server-side encryption
- DAWS Key Management Service (AWS KMS) CMK with customer-provided material
Explanation
https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and- customer-managed-cmks.html
Topics
Community Discussion
No community discussion yet for this question.