Topic 1 Question 184
A security engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly. The solution must be highly scalable without requiring continual management. Additionally, the organization must be able to immediately delete the encryption keys.
Which solution meets these requirements?
Use AWS KMS with AWS managed keys and the ScheduleKeyDeletion API with a PendingWindowInDays set to 0 to remove the keys if necessary.
Use KMS with AWS imported key material and then use the DeleteImportedKeyMaterial API to remove the key material if necessary.
Use AWS CloudHSM to store the keys and then use the CloudHSM API or the PKCS11 library to delete the keys if necessary.
Use the Systems Manager Parameter Store to store the keys and then use the service API operations to delete the keys if necessary.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: B
B seems to be the right answer. Option A has no option to do immediate deletion
👍 4mikelord2024/10/03 - 正解だと思う選択肢: B
A is incorrect because AWS KMS managed keys do not support immediate deletion. C is incorrect because AWS CloudHSM requires direct management of hardware security modules D is incorrect because AWS Systems Manager Parameter Store is not designed for encryption key management
👍 1gjurro2024/10/24 - 正解だと思う選択肢: B
b but they should improve how the question is framed, is there anything as an AWS imported key material ?
👍 1723993f2024/11/26
シャッフルモード