SAP-C02 · Question #757
SAP-C02 Question #757: Real Exam Question with Answer & Explanation
The correct answer is A: Create a KMS multi-Region primary key. Use the KMS multi-Region primary key to create a KMS. AWS KMS multi-Region keys allow you to replicate keys across multiple Regions, ensuring that the same key material is available in each Region.
Question
A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt data. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket. The company replicates the S3 bucket to other Regions. A solutions architect must design a solution so that the application can encrypt and decrypt data across Regions. The application must use the same key to decrypt the data in each Region. Which solution will meet these requirements?
Options
- ACreate a KMS multi-Region primary key. Use the KMS multi-Region primary key to create a KMS
- BCreate a new customer managed KMS key in each additional Region where the application is
- CUse AWS Private Certificate Authority to create a new certificate authority (CA) in the primary
- DUse AWS Systems Manager Parameter Store to create a parameter in each additional Region
Explanation
AWS KMS multi-Region keys allow you to replicate keys across multiple Regions, ensuring that the same key material is available in each Region.
Community Discussion
No community discussion yet for this question.