SCS-C02 Question #377: Real Exam Question with Answer & Explanation
The correct answer is B: Use AWS KMS Customer Default master key.
Question
A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?
Options
- A. Encrypt the EBS volumes of the underlying EC2 Instances
- B. Use AWS KMS Customer Default master key
- C. Use SSL/TLS for encrypting the data
- D. Use S3 Encryption
Explanation
The AWS documentation mentions the following: Amazon Redshift uses a hierarchy of encryption keys to encrypt the database. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage
- Option A is invalid because it's the cluster that needs to be encrypted.
- Option C is invalid because this encrypts objects in transit and not objects at rest.
- Option D is invalid because this is used only for objects in S3 buckets.
https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html