Topic 1 Question 256
A company has millions of objects in an Amazon S3 bucket. The objects are in the S3 Standard storage class. All the S3 objects are accessed frequently. The number of users and applications that access the objects is increasing rapidly. The objects are encrypted with server-side encryption with AWS KMS keys (SSE-KMS).
A solutions architect reviews the company’s monthly AWS invoice and notices that AWS KMS costs are increasing because of the high number of requests from Amazon S3. The solutions architect needs to optimize costs with minimal changes to the application.
Which solution will meet these requirements with the LEAST operational overhead?
Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type. Copy the existing objects to the new S3 bucket. Specify SSE-C.
Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Specify SSE-S3.
Use AWS CloudHSM to store the encryption keys. Create a new S3 bucket. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Encrypt the objects by using the keys from CloudHSM.
Use the S3 Intelligent-Tiering storage class for the S3 bucket. Create an S3 Intelligent-Tiering archive configuration to transition objects that are not accessed for 90 days to S3 Glacier Deep Archive.
ユーザの投票
コメント(14)
- 正解だと思う選択肢: B
This option switches the encryption method from using AWS Key Management Service (AWS KMS) to using server-side encryption with S3 managed keys (SSE-S3). This change can significantly reduce costs because AWS KMS charges per API request, while SSE-S3 does not have additional charges per API request beyond the S3 usage.
👍 7gd12023/06/24 - 正解だと思う選択肢: B
The goal here is to reduce the cost related to the usage of AWS KMS keys for server-side encryption. Using SSE-S3, which uses Amazon S3 managed keys for server-side encryption, would eliminate the additional cost related to KMS key usage while still maintaining a high level of security. Amazon S3 handles key management, which also reduces operational overhead. S3 Batch Operations can be used to efficiently copy the existing objects to the new bucket.
👍 3i_am_robot2023/06/24 - 正解だと思う選択肢: B
By choosing option B, you can switch the encryption type from SSE-KMS to SSE-S3, which eliminates the need for AWS KMS requests, thereby reducing the associated costs. This solution requires minimal changes to the application and avoids additional operational overhead.
👍 3Alabi2023/06/24
シャッフルモード