Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 260 discussion

A developer is writing an application that will retrieve sensitive data from a third-party system. The application will format the data into a PDF file. The PDF file could be more than 1 MB. The application will encrypt the data to disk by using AWS Key Management Service (AWS KMS). The application will decrypt the file when a user requests to download it. The retrieval and formatting portions of the application are complete.

The developer needs to use the GenerateDataKey API to encrypt the PDF file so that the PDF file can be decrypted later. The developer needs to use an AWS KMS symmetric customer managed key for encryption.

Which solutions will meet these requirements?

  • A. Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
  • B. Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
  • C. Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API.
  • D. Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API.
Suggested Answer: A

Comments

CrescentShared
Highly Voted 1 year ago
Selected Answer: A
Using the KMS Encrypt API to encrypt large amounts of data, such as a PDF file that could be more than 1 MB, is not efficient and can be costly. AWS KMS is designed for encrypting small amounts of data, such as encryption keys or short strings. For larger data, it's recommended to use a client-side encryption library with a data key generated by KMS.
upvoted 6 times
...
0bdf3af
Most Recent 4 days, 12 hours ago
Selected Answer: C
C. We use the KMS Encrypt API, and this method is called envelope encryption. KMS will generate a plaintext key, which we have to store on the disk. We use it to encrypt the file by calling the KMS API.
upvoted 1 times
...
preachr
5 months, 3 weeks ago
Selected Answer: A
To encrypt data outside of AWS KMS: 1) Use the GenerateDataKey operation to get a data key. 2) Use the plaintext data key (in the Plaintext field of the response) to encrypt your data outside of AWS KMS. Then erase the plaintext data key from memory. 3) Store the encrypted data key (in the CiphertextBlob field of the response) with the encrypted data.
upvoted 1 times
...
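The three steps quoted in the comment above (option A), as an added example that is not part of the original thread and is not AWS code. `FakeKms` is a hypothetical local stand-in for AWS KMS so the block runs offline, mirroring only the `Plaintext` and `CiphertextBlob` response fields named above; AES-256-GCM from Node's `crypto` module is an assumed choice of symmetric algorithm, and the 2 MB buffer is a constructed stand-in for the PDF.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM (assumed algorithm); output layout: nonce(12) || tag(16) || ciphertext.
function seal(key, data) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Hypothetical offline stand-in for AWS KMS (not the AWS SDK); the KMS key stays private.
class FakeKms {
  #kmsKey = crypto.randomBytes(32);
  generateDataKey() { // returns the two fields the thread discusses
    const Plaintext = crypto.randomBytes(32);
    return { Plaintext, CiphertextBlob: seal(this.#kmsKey, Plaintext) };
  }
  decrypt(CiphertextBlob) {
    return { Plaintext: open(this.#kmsKey, CiphertextBlob) };
  }
}

// Option A: encrypt locally with the plaintext key, persist only the encrypted key.
function encryptFile(kms, pdf) {
  const { Plaintext, CiphertextBlob } = kms.generateDataKey();
  const encryptedFile = seal(Plaintext, pdf);
  Plaintext.fill(0); // erase the plaintext data key from memory
  return { encryptedKey: CiphertextBlob, encryptedFile }; // both are safe to write to disk
}

// Download path: KMS unwraps the stored key, then the file is decrypted locally.
function decryptFile(kms, { encryptedKey, encryptedFile }) {
  const { Plaintext } = kms.decrypt(encryptedKey);
  try {
    return open(Plaintext, encryptedFile);
  } finally {
    Plaintext.fill(0);
  }
}

const kms = new FakeKms();
const pdf = crypto.randomBytes(2 * 1024 * 1024); // constructed 2 MB stand-in for the PDF
const stored = encryptFile(kms, pdf);
console.log('round trip ok:', decryptFile(kms, stored).equals(pdf));
```

In a real deployment the two `FakeKms` methods correspond to the KMS GenerateDataKey and Decrypt operations; the file itself is only ever encrypted and decrypted locally.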
wh1t4k3r
6 months, 3 weeks ago
Selected Answer: C
Where is the KMS key element on A?
upvoted 1 times
...
jyrajan69
8 months ago
The question clearly says using KMS so why would you even consider A and B
upvoted 2 times
...
65703c1
9 months, 4 weeks ago
Selected Answer: A
A is the correct answer.
upvoted 2 times
...
DeaconStJohn
11 months, 4 weeks ago
Selected Answer: C
Going with my gut.
upvoted 1 times
...
SerialiDr
1 year ago
Selected Answer: A
Option A is the most appropriate method for encrypting a PDF file using AWS KMS, where the plaintext key is used for encryption operations, and the encrypted key (not the plaintext key) is stored or managed externally for later decryption use.
upvoted 2 times
...
Abdullah22
1 year ago
going with C
upvoted 1 times
...
KarBiswa
1 year ago
Selected Answer: C
https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html
upvoted 3 times
KarBiswa
1 year ago
Sorry changing it to A as C is not about saying using plain text data as customized. Though the algorithm word is confusing
upvoted 1 times
KarBiswa
12 months ago
C is the option final decision
upvoted 1 times
...
...
...
ANDRES715
1 year ago
Selected Answer: D
According to the AWS documentation, when the GenerateDataKey API is used, you get a plaintext key and an encrypted key. The plaintext key can be written to disk for later use, while the encrypted key is used to encrypt the data. In this case, the developer should write the plaintext key to disk for later use and use the encrypted key to encrypt the PDF file through the KMS Encrypt API.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other