Free AWS Certified Developer Associate DVA-C02 Practice Question

A company is storing sensitive documents in an Amazon S3 bucket and wants to implement a solution where the development team can upload encrypted files without managing the encryption keys directly. The encryption should allow the use of different keys for each S3 object and enable the automatic rotation of those keys. Which of the following should the development team implement to meet these requirements?

  • Use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) and enable automatic key rotation.

  • Apply an S3 Bucket Policy that requires uploads to be encrypted with a specific AWS KMS Customer Master Key (CMK) without enabling key rotation.

  • Enable Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) and schedule an AWS Lambda function to rotate the keys regularly.

  • Store and manage encryption keys in AWS CloudHSM and manually rotate the keys by creating new HSM-backed keys when required.

  • Utilize AWS Secrets Manager to generate data keys for S3 object encryption and configure automatic rotation.

  • Implement Server-Side Encryption with Customer Provided Keys (SSE-C) and manage key rotation using a cron job on an EC2 instance.

This question's topic:
AWS Certified Developer Associate DVA-C02 / 
Security
Your Score:

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot