Topic 1 Question 137
A company runs workloads in the us-east-1 Region. The company has never deployed resources to other AWS Regions and does not have any multi-Region resources. The company needs to replicate its workloads and infrastructure to the us-west-1 Region.
A security engineer must implement a solution that uses AWS Secrets Manager to store secrets in both Regions. The solution must use AWS Key Management Service (AWS KMS) to encrypt the secrets. The solution must minimize latency and must be able to work if only one Region is available.
The security engineer uses Secrets Manager to create the secrets in us-east-1.
What should the security engineer do next to meet the requirements?
A. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using a new AWS managed KMS key in us-west-1.
B. Encrypt the secrets in us-east-1 by using an AWS managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
C. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Configure resources in us-west-1 to call the Secrets Manager endpoint in us-east-1.
D. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using the customer managed KMS key from us-east-1.
Comments (15)
- Selected answer: D
D. Encrypt the secrets in us-east-1 by using a customer managed KMS key. Replicate the secrets to us-west-1. Encrypt the secrets in us-west-1 by using the customer managed KMS key from us-east-1.
Customer Managed KMS Key: Encrypting secrets in us-east-1 with a customer managed KMS key allows greater control over key rotation policies and permissions, ensuring higher security and compliance.
Replication of secrets to us-west-1: Replicating the secrets to us-west-1 ensures that the secrets are available in both regions, meeting the requirement to function even if only one region is available.
Using the same customer managed KMS key in us-west-1: Encrypting the secrets in us-west-1 using the KMS key from us-east-1 ensures consistency in encryption and secret management across regions. Additionally, this can help minimize latency, as the same key is used for both regions, making the replication process more efficient.
👍 9 5409b91 2024/05/21
- Selected answer: A
A is correct, the key point is availability in case one region is down.
👍 4 Arad 2024/06/29
- Selected answer: A
A is correct
👍 3 Certified101 2024/05/19