DVA-C02 · Question #97
A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function. How should the d
The correct answer is B. Set up the Lambda function with a role and key policy to access an AWS KMS key. Use the key. The most secure and AWS-recommended approach is to use AWS KMS to generate a data key, then use that key to encrypt the data before writing to /tmp in the Lambda function. This ensures that the data is protected with KMS-managed encryption while maintaining high performance and c
Question
A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function. How should the developer encrypt this data?
Options
- AEnable Amazon EBS volume encryption with an AWS KMS key in the Lambda function
- BSet up the Lambda function with a role and key policy to access an AWS KMS key. Use the key
- CUse OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to
- DUse an on-premises hardware security module (HSM) to generate keys, where the Lambda
How the community answered
(55 responses)- A4% (2)
- B76% (42)
- C5% (3)
- D15% (8)
Explanation
The most secure and AWS-recommended approach is to use AWS KMS to generate a data key, then use that key to encrypt the data before writing to /tmp in the Lambda function. This ensures that the data is protected with KMS-managed encryption while maintaining high performance and compliance with healthcare data requirements.
Community Discussion
No community discussion yet for this question.