SAA-C03 · Question #139
SAA-C03 Question #139: Real Exam Question with Answer & Explanation
The correct answer is A: Create an AWS Key Management Service (AWS KMS) key without key material. Import the. Option A allows importing your own encryption keys into AWS KMS, ensuring control over key Option D uses S3 Glacier with SSE-C, where the customer controls the encryption keys, meeting compliance needs. Option B uses AWS-managed key material, violating the requirement for key mat
Question
A company needs a cloud-based solution for backup, recovery, and archiving while retaining encryption key material control. Which combination of solutions will meet these requirements? (Select TWO)
Options
- ACreate an AWS Key Management Service (AWS KMS) key without key material. Import the
- BCreate an AWS KMS encryption key that contains key material generated by AWS KMS.
- CStore the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Use S3 Bucket
- DStore the data in an Amazon S3 Glacier storage class. Use server-side encryption with customer-
- EStore the data in AWS Snowball devices. Use server-side encryption with AWS KMS keys (SSE-
Explanation
Option A allows importing your own encryption keys into AWS KMS, ensuring control over key Option D uses S3 Glacier with SSE-C, where the customer controls the encryption keys, meeting compliance needs. Option B uses AWS-managed key material, violating the requirement for key material control. Option C and Eare not fully compliant with the control requirement.
Community Discussion
No community discussion yet for this question.