
Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions


Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 495 discussion

A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt data. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket.

The company replicates the S3 bucket to other Regions. A solutions architect must design a solution so that the application can encrypt and decrypt data across Regions. The application must use the same key to decrypt the data in each Region.

Which solution will meet these requirements?

  • A. Create a KMS multi-Region primary key. Use the KMS multi-Region primary key to create a KMS multi-Region replica key in each additional Region where the application is running. Update the application code to use the specific replica key in each Region.
  • B. Create a new customer managed KMS key in each additional Region where the application is running. Update the application code to use the specific KMS key in each Region.
  • C. Use AWS Private Certificate Authority to create a new certificate authority (CA) in the primary Region. Issue a new private certificate from the CA for the application’s website URL. Share the CA with the additional Regions by using AWS Resource Access Manager (AWS RAM). Update the application code to use the shared CA certificates in each Region.
  • D. Use AWS Systems Manager Parameter Store to create a parameter in each additional Region where the application is running. Export the key material from the KMS key in the primary Region. Store the key material in the parameter in each Region. Update the application code to use the key data from the parameter in each Region.
Suggested Answer: A
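
The "use the specific replica key in each Region" step in option A, sketched as an added example (not part of the question, the discussion, or AWS's own code): related multi-Region keys share one key ID that starts with `mrk-`, and their ARNs differ only in the Region field. The ARNs and function names below are constructed for illustration, and the code assumes a replica already exists in the Region it is asked about.

```python
import re

# KMS key ARN layout: arn:<partition>:kms:<region>:<account-id>:key/<key-id>
_KEY_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):kms:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):key/(?P<key_id>[A-Za-z0-9-]+)$"
)

# Constructed sample values, not real keys.
PRIMARY_ARN = "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
SINGLE_REGION_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"


def parse_key_arn(arn):
    """Split a KMS key ARN into its fields, rejecting anything else."""
    match = _KEY_ARN.match(arn)
    if match is None:
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return match.groupdict()


def key_for_region(primary_arn, region):
    """ARN of the related multi-Region key in `region`.

    Assumes a replica has already been created there; this only derives
    the identifier, it does not call KMS.
    """
    parts = parse_key_arn(primary_arn)
    if not parts["key_id"].startswith("mrk-"):
        # Option B's situation: independent keys cannot decrypt each other's data.
        raise ValueError("single-Region key has no replicas in other Regions")
    return "arn:{partition}:kms:{0}:{account}:key/{key_id}".format(region, **parts)


def are_related(arn_a, arn_b):
    """True when both ARNs name the same or related multi-Region keys."""
    a, b = parse_key_arn(arn_a), parse_key_arn(arn_b)
    same_identity = all(a[f] == b[f] for f in ("partition", "account", "key_id"))
    return same_identity and a["key_id"].startswith("mrk-")


if __name__ == "__main__":
    for region in ("us-east-1", "eu-west-1", "ap-southeast-2"):
        print(region, key_for_region(PRIMARY_ARN, region))
```
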

Comments

ebbff63
Highly Voted 5 months ago
Selected Answer: A
A- straightforward - encryption and decryption across regions using multi-region key
upvoted 10 times
AzureDP900
Most Recent 1 week, 1 day ago
Option A Creating a KMS multi-region primary key allows you to manage encryption keys across multiple Regions. A KMS multi-region primary key can be used to create a KMS multi-region replica key, which can then be used to encrypt and decrypt data in other Regions. The application code can be updated to use the specific replica key in each Region, ensuring that the same key is used for encryption and decryption across all Regions. The other options do not meet all of the requirements:
upvoted 1 times
backbencher2022
3 months ago
Selected Answer: A
A is the correct answer as per this AWS documentation - https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#:~:text=A%20multi%2DRegion%20primary%20key%20is%20a%20KMS%20key%20that,primary%20key%20can%20be%20replicated.
upvoted 1 times
AhmedSalem
4 months, 3 weeks ago
Selected Answer: A
Answer A. AWS KMS multi-Region keys allow you to replicate keys across multiple Regions, ensuring that the same key material is available in each Region.
upvoted 1 times