An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the developer code the application?
A.
Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
B.
Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
C.
Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
D.
Upload the data to an S3 bucket using server side-encryption with an AWS KMS key.
A) Eliminated - The Encrypt API in AWS KMS is designed for small amounts of data (4 KB)
For large files, it is more efficient and scalable to use data keys (using the GenerateDataKey API)
This is the most suitable option. AWS KMS's GenerateDataKey API provides a unique data key for each invocation, which can be used to encrypt each video file. The data key itself is also returned in an encrypted form, which can be safely stored alongside the encrypted data. This approach satisfies the requirement of unique encryption for each file and securely manages the encryption keys.
A and B cannot meet the requirement of having a unique key for each file, and D cannot meet the requirement of encrypting the data within the application.
C meets all requirements.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MrTee
Highly Voted 1 year, 6 months agosumanshu
Most Recent 4 months agosumanshu
4 months ago65703c1
5 months, 1 week agoSerialiDr
9 months, 3 weeks agoTinez
1 year agohsinchang
1 year, 1 month ago