SCS-C02 · Question #73
SCS-C02 Question #73: Real Exam Question with Answer & Explanation
The correct answer is D: Use an AWS Key Management Service (AWS KMS) customer managed key to generate the. Amazon Relational Database Service (Amazon RDS) can encrypt data using an AWS managed key or a Customer managed key (CMK). Key permissions fully integrate with AWS Identity and Access Management (IAM). https://aws.amazon.com/blogs/database/securing-data-in-amazon-rds-using-aws-km
Question
A company sends Amazon RDS snapshots to two accounts as part of its disaster recovery (DR) plan. The snapshots must be encrypted. However, each account needs to be able to decrypt the snapshots in case of a DR event. Which solution will meet these requirements?
Options
- AUse the default AWS Key Management Service (AWS KMS) key to generate the snapshots.
- BUse an AWS Key Management Service (AWS KMS) customer managed key to generate the
- CUse the default AWS Key Management Service (AWS KMS) key to generate the snapshots.
- DUse an AWS Key Management Service (AWS KMS) customer managed key to generate the
Explanation
Amazon Relational Database Service (Amazon RDS) can encrypt data using an AWS managed key or a Customer managed key (CMK). Key permissions fully integrate with AWS Identity and Access Management (IAM). https://aws.amazon.com/blogs/database/securing-data-in-amazon-rds-using-aws-kms-encryption/ https://aws.amazon.com/premiumsupport/knowledge-center/share-encrypted-rds-snapshot-kms-
Community Discussion
No community discussion yet for this question.