Topic 1 Question 69
A company receives call logs as Amazon S3 objects that contain sensitive customer information. The company must protect the S3 objects by using encryption. The company must also use encryption keys that only specific employees can access. Which solution will meet these requirements with the LEAST effort?
Use an AWS CloudHSM cluster to store the encryption keys. Configure the process that writes to Amazon S3 to make calls to CloudHSM to encrypt and decrypt the objects. Deploy an IAM policy that restricts access to the CloudHSM cluster.
Use server-side encryption with customer-provided keys (SSE-C) to encrypt the objects that contain customer information. Restrict access to the keys that encrypt the objects.
Use server-side encryption with AWS KMS keys (SSE-KMS) to encrypt the objects that contain customer information. Configure an IAM policy that restricts access to the KMS keys that encrypt the objects.
Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the objects that contain customer information. Configure an IAM policy that restricts access to the Amazon S3 managed keys that encrypt the objects.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: C
Option D does not provide the ability to restrict access to the encryption keys
👍 4rralucard_2024/08/02 - 正解だと思う選択肢: C
Least effort = C
👍 4GiorgioGss2024/09/19 - 正解だと思う選択肢: C
Encryption at Rest: SSE-KMS provides robust encryption of the sensitive call log data while it's stored in S3. Key Management and Access Control: AWS KMS offers centralized key management. You can easily create and manage KMS keys (Customer Master Keys - CMKs) and use fine-grained IAM policies to restrict access to specific employees. Minimal Effort: SSE-KMS is a built-in S3 feature. Enabling it requires minimal configuration and no custom code for encryption/decryption.
👍 3Christina6662024/10/13
シャッフルモード