Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SCS-C02 Topic 8 Question 25 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 25
Topic #: 8
[All SCS-C02 Questions]

A company runs workloads in the us-east-1 Region. The company has never deployed resources to other AWS Regions and does not have any multi-Region resources.

The company needs to replicate its workloads and infrastructure to the us-west-1 Region.

A security engineer must implement a solution that uses AWS Secrets Manager to store secrets in both Regions. The solution must use AWS Key Management Service (AWS KMS) to encrypt the secrets. The solution must minimize latency and must be able to work if only one Region is available.

The security engineer uses Secrets Manager to create the secrets in us-east-1.

What should the security engineer do next to meet the requirements?

Show Suggested Answer Hide Answer
Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


Contribute your Thoughts:

Dominga
3 months ago
I'm just here to make sure the engineers don't accidentally unleash a swarm of AWS Secrets Managers upon an unsuspecting world. No pressure, folks!
upvoted 0 times
...
Long
3 months ago
But wouldn't it be better to use AWS managed KMS keys for consistency and ease of management across Regions?
upvoted 0 times
...
Jaime
3 months ago
Wait, we need to consider the possibility of only one Region being available? I hope the company doesn't have any Black Hole Regions in their AWS infrastructure.
upvoted 0 times
Lamonica
3 months ago
User 2
upvoted 0 times
...
Sena
3 months ago
User 1
upvoted 0 times
...
...
Juan
3 months ago
I'm not sure. Maybe they should encrypt the secrets in us-east-1 using a customer managed KMS key instead.
upvoted 0 times
...
Eleonora
4 months ago
Option D looks like the most secure approach. Replicating the secrets and using the same customer managed KMS key in both Regions ensures consistent encryption.
upvoted 0 times
Jeffrey
3 months ago
I agree, it's important to maintain consistency in encryption across Regions for security purposes.
upvoted 0 times
...
My
3 months ago
Option D looks like the most secure approach. Replicating the secrets and using the same customer managed KMS key in both Regions ensures consistent encryption.
upvoted 0 times
...
...
Novella
4 months ago
I agree with Long. Then they should replicate the secrets to us-west-1 and encrypt them using a new AWS managed KMS key in us-west-1.
upvoted 0 times
...
Murray
4 months ago
I'm not sure about using an AWS managed KMS key for this scenario. Wouldn't a customer managed KMS key provide more control and flexibility over the encryption process?
upvoted 0 times
...
Kayleigh
4 months ago
Option B seems like the simplest and most efficient solution. Calling the Secrets Manager endpoint in us-east-1 from us-west-1 minimizes the overhead of replicating secrets across Regions.
upvoted 0 times
Eun
3 months ago
B) That makes sense. It's a good way to ensure the secrets are accessible in both Regions without unnecessary replication.
upvoted 0 times
...
Rebecka
3 months ago
A) Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using a new AWS managed KMS key in us-west-1.
upvoted 0 times
...
Eloisa
4 months ago
B) Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
upvoted 0 times
...
...
Long
4 months ago
I think the security engineer should encrypt the secrets in us-east-1 using an AWS managed KMS key.
upvoted 0 times
...

Save Cancel