Topic 1 Question 189
2 つ選択A company needs to store contract documents. A contract lasts for 5 years. During the 5-year period, the company must ensure that the documents cannot be overwritten or deleted. The company needs to encrypt the documents at rest and rotate the encryption keys automatically every year.
Which combination of steps should a solutions architect take to meet these requirements with the LEAST operational overhead?
Store the documents in Amazon S3. Use S3 Object Lock in governance mode.
Store the documents in Amazon S3. Use S3 Object Lock in compliance mode.
Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Configure key rotation.
Use server-side encryption with AWS Key Management Service (AWS KMS) customer managed keys. Configure key rotation.
Use server-side encryption with AWS Key Management Service (AWS KMS) customer provided (imported) keys. Configure key rotation.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: BD
Originally answered B and C due to least operational overhead. after research its bugging me that the s3 key rotation is determined based on AWS master Key rotation which cannot guarantee the key is rotated with in a 365 day period. stated as "varies" in the documentation. also its impossible to configure this in the console. KMS-C is a tick box in the console to turn on annual key rotation but requires more operational overhead than SSE-S3. C - will not guarantee the questions objectives but requires little overhead. D - will guarantee the questions objective with more overhead.
👍 16[Removed]2022/11/28 - 正解だと思う選択肢: BD
should be BD C could have been fine, but key rotation is activate per default on SSE-S3, and no way to deactivate it if I am not wrong
👍 6LeGloupier2022/11/16 - 正解だと思う選択肢: BC
SSE-S3 AWS managed keys are rotated every year. The question did not request for user intervention that's why the said "Rotated Automatically".
👍 4LuckyAro2023/01/16
シャッフルモード