Topic 1 Question 216
A company runs a cron job on an Amazon EC2 instance on a predefined schedule. The cron job calls a bash script that encrypts a 2 KB file. A security engineer creates an AWS Key Management Service (AWS KMS) customer managed key with a key policy. The key policy and the EC2 instance role have the necessary configuration for this job.
Which process should the bash script use to encrypt the file?
A. Use the aws kms encrypt command to encrypt the file by using the existing KMS key.
B. Use the aws kms create-grant command to generate a grant for the existing KMS key.
C. Use the aws kms encrypt command to generate a data key. Use the plaintext data key to encrypt the file.
D. Use the aws kms generate-data-key command to generate a data key. Use the encrypted data key to encrypt the file.
Comments (5)
- Selected answer: A
The file of 2k is well within the 4k limit of the AWS KMS encrypt command
👍 2 DSExam 2024/11/04
- Selected answer: A
2 kb file only, no need for grant, no need for data key
👍 2723993f 2024/11/25
- Selected answer: D
1. Generate a Data Key: The aws kms generate-data-key command generates a data key that includes both a plaintext version and an encrypted version of the key.
2. Encrypt the File: Use the plaintext data key to encrypt the 2 KB file.
3. Store the Encrypted Data Key: Store the encrypted data key alongside the encrypted file. This allows the file to be decrypted later using the encrypted data key and the KMS key.

This approach is efficient and secure, as it leverages the strengths of both KMS for key management and local encryption for performance.
👍 2 Pmktechno 2024/12/29
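
Added example, not part of the original thread or any commenter's post: a bash script for the direct `aws kms encrypt` process discussed in the comments, with a guard for the 4 KB plaintext limit that the first comment cites. The key alias `alias/example-cron-key` and the function names are hypothetical, and the instance role is assumed to allow `kms:Encrypt` on the key.

```bash
#!/usr/bin/env bash
# Added example: direct KMS encryption of a small file, with a size guard.
# KMS_KEY_ID is a hypothetical placeholder alias, not a value from the page.
KMS_KEY_ID="${KMS_KEY_ID:-alias/example-cron-key}"
KMS_ENCRYPT_MAX_BYTES=4096   # Encrypt API plaintext limit for a symmetric KMS key

# Succeeds only if the file exists and fits in a single kms encrypt call.
fits_kms_encrypt() {
    [ -f "$1" ] || return 2
    size=$(wc -c < "$1") || return 2
    [ "$size" -le "$KMS_ENCRYPT_MAX_BYTES" ]
}

# Encrypt file $1 into $2 with the KMS key itself (no data key involved).
encrypt_small_file() {
    src=$1
    dst=$2
    if ! fits_kms_encrypt "$src"; then
        echo "refusing: $src is missing or over $KMS_ENCRYPT_MAX_BYTES bytes;" \
             "larger files need a data key from generate-data-key" >&2
        return 1
    fi
    # Write to a temporary file first so a failed call never leaves a
    # truncated or empty ciphertext at the destination path.
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    # fileb:// sends the raw bytes; the CLI prints base64-encoded ciphertext.
    # Without pipefail a failed aws call still exits 0 through base64, so the
    # non-empty check on the output is what detects the failure.
    if aws kms encrypt --key-id "$KMS_KEY_ID" --plaintext "fileb://$src" \
            --query CiphertextBlob --output text | base64 --decode > "$tmp" \
       && [ -s "$tmp" ]; then
        mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        echo "kms encrypt failed for $src" >&2
        return 1
    fi
}

# Stand-alone use from cron: script.sh <plaintext-file> <ciphertext-file>
if [ "$#" -eq 2 ]; then
    encrypt_small_file "$1" "$2"
fi
```

The ciphertext blob identifies the KMS key that produced it, so decrypting with `aws kms decrypt --ciphertext-blob fileb://<ciphertext-file>` needs no separately stored data key.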