Amazon
SCS-C02 · Question #265
SCS-C02 Question #265: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #265. The question stem and answer options stay visible for context.
Submitted by jian89· Mar 6, 2026Data Protection
Question
A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2" 16 objects Any encryption key must be generated on a FlPS-validated hardware security module (HSM). The company is cost- conscious, as plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers When approach MOST efficiently meets the company's needs?
Options
- AUse the AWS Encryption SDK and set the maximum age to 10 days and the minimum number of
- BUse AWS Key Management Service (AWS KMS) to generate an AWS managed CMK.
- CUse AWS CloudHSM to generate the master key and data keys.
- DUse server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Client-Side Encryption#Key Management#AWS Encryption SDK#Regulatory Compliance