Topic 1 Question 91
A company consists of two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured two-way replication between the S3 buckets. The S3 buckets have millions of objects.
Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires that all documents must be stored with encryption at rest. The company wants to implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
What is the MOST operationally efficient solution that meets these requirements?
A. Turn on SSE-S3 on both S3 buckets. Use S3 Batch Operations to copy and encrypt the objects in the same location.
B. Create an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side encryption with AWS KMS keys (SSE-KMS) on each S3 bucket by using the corresponding KMS key in that AWS account. Encrypt the existing objects by using an S3 copy command in the AWS CLI.
C. Turn on SSE-S3 on both S3 buckets. Encrypt the existing objects by using an S3 copy command in the AWS CLI.
D. Create an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side encryption with AWS KMS keys (SSE-KMS) on each S3 bucket by using the corresponding KMS key in that AWS account. Use S3 Batch Operations to copy the objects into the same location.
Comments (15)
- Selected answer: A
Answer is A. Keyword is "The S3 buckets have millions of objects". If there are millions of objects then you should use Batch Operations. https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
👍 7 testingaws123 2023/03/12
- Selected answer: C
The correct answer is option C. Turn on SSE-S3 on both S3 buckets and encrypt the existing objects by using an S3 copy command in the AWS CLI. This option is the most operationally efficient solution because it uses the built-in SSE-S3 feature of S3, which eliminates the need to create and manage additional KMS keys, and encrypting existing objects using the S3 copy command is a straightforward process.
Option A is not the most operationally efficient solution because it requires additional steps to encrypt the objects which might take time as there are millions of objects.
Options B and D are not the most operationally efficient solutions because they require additional steps to create and manage KMS keys. Additionally, they also require additional steps to encrypt the existing objects.
👍 3 masetromain 2023/01/15
- Selected answer: A
I thought option A might be correct after reading the below blog article because there were millions of objects in the S3 buckets in this scenario. https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
👍 3 Untamables 2023/01/23
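The Batch Operations approach named in option A and in the linked blog post, sketched as an added example that is not part of the question or of any comment: it filters an inventory-style listing down to objects stored without server-side encryption, writes a Batch Operations CSV manifest for them, and builds the request for a copy-in-place job that applies SSE-S3. The bucket name `docs-bu1`, the three-column layout of the sample rows, and the account, role and manifest values passed in are assumptions made for illustration.

```python
import csv
import io
import uuid

# Constructed sample rows in an assumed inventory-style layout (no header):
# bucket, URL-encoded object key, encryption status.
SAMPLE_INVENTORY = '''"docs-bu1","contracts/2022/nda.pdf","NOT-SSE"
"docs-bu1","contracts/2023/msa.pdf","SSE-S3"
"docs-bu1","hr/offer%20letter.docx","NOT-SSE"
"docs-bu1","finance/q4.xlsx","SSE-KMS"
'''

def unencrypted_manifest(inventory_csv):
    """Return (manifest_csv, count) listing only objects stored without SSE."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    count = 0
    for bucket, key, status in csv.reader(io.StringIO(inventory_csv)):
        if status == "NOT-SSE":
            writer.writerow([bucket, key])  # key is passed through, still URL-encoded
            count += 1
    return out.getvalue(), count

def copy_job_request(account_id, bucket, role_arn, manifest_arn, manifest_etag):
    """Build keyword arguments for s3control create_job: copy in place with SSE-S3."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "AccountId": account_id,
        "ConfirmationRequired": True,  # job waits for explicit confirmation
        "Priority": 10,
        "RoleArn": role_arn,
        "ClientRequestToken": str(uuid.uuid4()),
        "Operation": {"S3PutObjectCopy": {
            "TargetResource": bucket_arn,  # same bucket, same keys
            "MetadataDirective": "COPY",
            "NewObjectMetadata": {"SSEAlgorithm": "AES256"},  # AES256 = SSE-S3
        }},
        "Manifest": {
            "Spec": {"Format": "S3BatchOperations_CSV_20180820",
                     "Fields": ["Bucket", "Key"]},
            "Location": {"ObjectArn": manifest_arn, "ETag": manifest_etag},
        },
        "Report": {"Enabled": True, "Bucket": bucket_arn,
                   "Format": "Report_CSV_20180820", "Prefix": "batch-reports",
                   "ReportScope": "FailedTasksOnly"},
    }

if __name__ == "__main__":
    manifest, n = unencrypted_manifest(SAMPLE_INVENTORY)
    print(f"{n} objects need re-encryption\n{manifest}")
```

With credentials configured, the returned dictionary can be passed as `boto3.client("s3control").create_job(**request)` once the manifest has been uploaded and its ETag recorded.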