Which option meets these requirements?

A company has decided to use encryption in its AWS account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16.000 B to 5 MB.

The requirements are as follows:

• The key material must be generated and stored in a certified Federal Information Processing Standard (FIPS) 140-2 Level 3 machine.

• The key material must be available in multiple Regions.

Which option meets these requirements?
A . Use an AWS KMS customer managed key and store the key material in AWS with replication across Regions
B . Use an AWS customer managed key, import the key material into AWS KMS using in-house AWS CloudHS
C . and store the key material securely in Amazon S3.
D . Use an AWS KMS custom key store backed by AWS CloudHSM clusters, and copy backups across Regions
E . Use AWS CloudHSM to generate the key material and backup keys across Regions Use the Java Cryptography Extension (JCE) and Public Key Cryptography Standards #11 (PKCS #11) encryption libraries to encrypt and decrypt the data.

Answer: D

Latest SCS-C01 Dumps Valid Version with 470 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments