Amazon Exam SCS-C02 Topic 8 Question 34 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 34
Topic #: 8

A security engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.

Which solution meets these requirements?

AUse AWS KMS with AWS managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 to remove the keys if necessary.

BUse KMS with AWS imported key material and then use the DeletelmportedKeyMaterial API to remove the key material if necessary.

CUse AWS CloudHSM to store the keys and then use the CloudHSM API or the PKCS11 library to delete the keys if necessary.

DUse the Systems Manager Parameter Store to store the keys and then use the service API operations to delete the keys if necessary.

Show Suggested Answer

Suggested Answer: A

by Ryann at Sep 14, 2024, 04:32 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Chantay

24 days ago

I'm gonna have to go with option A. Keeping things simple with KMS and being able to nuke those keys on demand? Sounds like a winner to me!

upvoted 0 times

...

Janey

27 days ago

Hah! Option D with the Parameter Store? That's like trying to hide your keys under the doormat. Not very secure if you ask me.

upvoted 0 times

Leota

6 days ago

User 2: I agree, it's important to have a solution that is both secure and scalable. Option A seems to meet those requirements.

upvoted 0 times

...

Izetta

13 days ago

Option A seems like the best choice. Using AWS KMS with managed keys and ScheduleKeyDeletion API sounds secure and scalable.

upvoted 0 times

...

Felicidad

1 months ago

Option C with CloudHSM is interesting, but I'm not sure I want to deal with the extra complexity of a separate hardware appliance.

upvoted 0 times

Arlen

10 days ago

A: Option A with AWS KMS managed keys seems like a simple and scalable solution.

upvoted 0 times

...

Gianna

21 days ago

A) Use AWS KMS with AWS managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 to remove the keys if necessary.

upvoted 0 times

...

Raina

1 months ago

I'm not sure, I think option C) using AWS CloudHSM might be a better choice for securely storing and deleting keys.

upvoted 0 times

...

Gabriele

1 months ago

I agree with Kina, using AWS managed keys and ScheduleKeyDeletion API seems like the most scalable and easy to manage solution.

upvoted 0 times

...

Kina

2 months ago

I think the answer is A) Use AWS KMS with AWS managed keys and the ScheduleKeyDeletion API.

upvoted 0 times

...

Ciara

2 months ago

I'm not sure about option B. Importing your own key material and then trying to delete it? Sounds risky to me.

upvoted 0 times

...

Tammy

2 months ago

Option A looks good to me! AWS KMS with managed keys and the ability to quickly delete them seems like a hassle-free solution.

upvoted 0 times

Christiane

1 months ago

I agree, using AWS KMS with managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 seems like the best choice for scalability and easy key management.

upvoted 0 times

...

Val

2 months ago

Option A looks good to me! AWS KMS with managed keys and the ability to quickly delete them seems like a hassle-free solution.

upvoted 0 times

...