DEA-C01 Question #191: Real Exam Question with Answer & Explanation

Question

A data engineer is launching an Amazon EMR cluster. The data that the data engineer needs to load into the new cluster is currently in an Amazon S3 bucket. The data engineer needs to ensure that data is encrypted both at rest and in transit. The data that is in the S3 bucket is encrypted by an AWS Key Management Service (AWS KMS) key. The data engineer has an Amazon S3 path that has a Privacy Enhanced Mail (PEM) file. Which solution will meet these requirements?

Options

• ACreate an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest
• BCreate an Amazon EMR security configuration. Specify the appropriate AWS KMS key for local
• CCreate an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest
• DCreate an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest

Explanation

Amazon EMR security configurations allow you to define encryption settings for both at-rest and in-transit data. In this case, the data in the S3 bucket is already encrypted with an AWS KMS key, so you need to ensure the EMR cluster uses the same key for at-rest encryption when accessing For in-transit encryption, you need to provide a PEM file that contains the SSL/TLS certificate, which ensures that data transferred to and from the cluster is encrypted. By specifying both the KMS key for at-rest encryption and the PEM file for in-transit encryption in a single security configuration, you ensure that the data is encrypted during storage and

No community discussion yet for this question.