Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAP-C02 Topic 2 Question 48 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 48
Topic #: 2
[All SAP-C02 Questions]

A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt dat

a. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket.

The company replicates the S3 bucket to other Regions. A solutions architect must design a solution so that the application can encrypt and decrypt data across Regions. The application must use the same key to decrypt the data in each Region.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Cassi at Jan 13, 2025, 06:44 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Willard
17 days ago
Ha! I bet the guy who wrote option B is the same one who thought 'just create a new key in each Region' was a good idea. That's like the IT version of 'have you tried turning it off and on again?'
upvoted 0 times
...
Dan
18 days ago
Option D is interesting, but storing the key material in Parameter Store? That could get messy and might not be as secure as using KMS directly.
upvoted 0 times
Loise
4 days ago
I agree, Option A seems like the most secure and efficient solution. Creating a KMS multi-Region primary key and replica keys in each Region makes sense.
upvoted 0 times
...
Ernest
11 days ago
Option D is definitely not the best choice for this scenario. Storing key material in Parameter Store can be risky.
upvoted 0 times
...
...
Tyisha
1 months ago
Option A all the way. Multi-Region KMS keys is the only way to go if you want to keep things simple and secure. Plus, it's the AWS-recommended solution, so it's gotta be good, right?
upvoted 0 times
...
Charlena
1 months ago
Option A seems like the way to go. Using a multi-Region primary key and replica keys in each Region sounds like the best approach to ensure data can be decrypted across Regions.
upvoted 0 times
Chandra
12 days ago
Updating the application code to use specific replica keys in each Region is key to maintaining data security.
upvoted 0 times
...
Elli
14 days ago
It's important to ensure that the application can access the same key in each Region for decryption.
upvoted 0 times
...
Lyda
22 days ago
Creating a multi-Region primary key and replica keys will definitely help with decrypting data across Regions.
upvoted 0 times
...
Katy
29 days ago
I agree, Option A seems like the most efficient solution.
upvoted 0 times
...
...
Kerrie
1 months ago
But option A ensures that the application uses the same key to decrypt data in each Region, which is important for consistency.
upvoted 0 times
...
Dell
1 months ago
I disagree, I believe option B is more practical as it creates a new customer managed KMS key in each Region.
upvoted 0 times
...
Kerrie
2 months ago
I think option A is the best solution because it allows for a multi-Region primary key and replica key in each additional Region.
upvoted 0 times
...

Save Cancel