SCS-C02 · Question #54
SCS-C02 Question #54: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #54. The question stem and answer options stay visible for context.
Question
A company is designing a solution to serve content from an Amazon CloudFront distribution that will have an Amazon S3 bucket as the origin. A security engineer needs to encrypt S3 data at rest with an AWS Key Management Service (KMS) customer managed key rather than with an S3 managed key. The solution must minimize operational overhead. Which combination of steps should the security engineer take to meet these requirements? (Choose three.)
Options
- ACreate the S3 bucket. Configure server-side encryption with a customer managed KMS key.
- BCreate the S3 bucket. Configure server-side encryption with customer-provided encryption keys
- CCreate the CloudFront distribution. Use the S3 bucket as the origin. Configure the distribution to
- DCreate the CloudFront distribution. Use the S3 bucket as the origin. Delete the origin access
- EConfigure the CloudFront distribution cache to encrypt data at rest by using the customer
- FCreate a Lambda@Edge function that runs for origin request events and reads from the S3
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.