SCS-C02 · Question #287
SCS-C02 Question #287: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #287. The question stem and answer options stay visible for context.
Question
A company wants to encrypt data locally while meeting regulatory requirements related to key exhaustion. The encryption key can be no more than 10 days old or encrypt more than 2^16 objects. Any encryption key must be generated on a FIPS-validated hardware security module (HSM). The company is cost- conscious, as it plans to upload an average of 100 objects to Amazon S3 each second for sustained operations across 5 data producers. Which approach MOST efficiently meets the company's needs?
Options
- AUse the AWS Encryption SDK and set the maximum age to 10 days and the maximum number of
- BUse AWS Key Management Service (AWS KMS) to generate an AWS managed CMK.
- CUse AWS CloudHSM to generate the master key and data keys.
- DUse server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and set the
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.