Topic 1 Question 143

AWS Certified Machine Learning - Specialty

Topic 1 Question 143
A company will use Amazon SageMaker to train and host a machine learning (ML) model for a marketing campaign. The majority of data is sensitive customer data. The data must be encrypted at rest. The company wants AWS to maintain the root of trust for the master keys and wants encryption key usage to be logged. Which implementation will meet these requirements?
- Use encryption keys that are stored in AWS Cloud HSM to encrypt the ML data volumes, and to encrypt the model artifacts and data in Amazon S3.
- Use SageMaker built-in transient keys to encrypt the ML data volumes. Enable default encryption for new Amazon Elastic Block Store (Amazon EBS) volumes.
- Use customer managed keys in AWS Key Management Service (AWS KMS) to encrypt the ML data volumes, and to encrypt the model artifacts and data in Amazon S3.
- Use AWS Security Token Service (AWS STS) to create temporary tokens to encrypt the ML storage volumes, and to encrypt the model artifacts and data in Amazon S3.
ユーザの投票
コメント(3)
- C is correct answer. Straight forward to use KMS.
  
  👍 8
  exam_prep2022/05/27
- 正解だと思う選択肢: C
  Using customer managed keys in AWS KMS will allow the company to maintain the root of trust for the master keys, and AWS KMS will log key usage. This ensures that the encryption keys used to encrypt the ML data volumes and model artifacts are properly managed and secured. Additionally, using customer managed keys allows the company to have greater control over the encryption process.
  
  👍 3
  AjoseO2023/02/17
- 正解だと思う選択肢: C
  https://docs.aws.amazon.com/kms/latest/developerguide/security-logging-monitoring.html
  
  👍 1
  Jerry842023/01/31
シャッフルモード

ユーザの投票

コメント(3)