Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 214 discussion

A company uses AWS Key Management Service (AWS KMS). During an attempt to attach an encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon EC2 instance, the attachment fails. The company discovers that a customer managed key has become unusable because the key material for the key was deleted. The company needs the data that is on the EBS volume.

A security engineer must recommend a solution to decrypt the EBS volume’s encrypted data key. The solution must also attach the volume to the EC2 instance.

Which solution will meet these requirements?

  • A. Import new key material into the key. Attach the EBS volume.
  • B. Restore the EBS volume from a snapshot that was taken before the deletion of the key material.
  • C. Reimport the same key material that originally was imported into the key. Attach the EBS volume.
  • D. Create a new key. Import new key material. Attach the EBS volume.
Suggested Answer: C

Comments

youonebe
3 months, 1 week ago
Selected Answer: C
Answer is C. B is wrong because it wouldn't solve the problem as the snapshot would still be encrypted with the same unusable KMS key. C: Deleting the key material of a KMS key with imported key material is temporary and reversible. To restore the key, reimport its key material. https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
upvoted 1 times
TareDHakim
3 months, 2 weeks ago
Selected Answer: B
Tricky! B and C could work, BUT... there's no mention of available snapshots. So C is the better option.
upvoted 1 times
Pmktechno
3 months, 3 weeks ago
Selected Answer: B
This approach ensures that you can access the data using the snapshot, which retains the original encryption key material. Since the key material for the customer managed key was deleted, reimporting the same key material or creating a new key will not help in decrypting the existing data on the EBS volume.
upvoted 1 times
IPLogic
4 months, 2 weeks ago
Selected Answer: B
The correct solution to decrypt the EBS volume’s encrypted data key and attach the volume to the EC2 instance is: B. Restore the EBS volume from a snapshot that was taken before the deletion of the key material. When the key material for a customer managed key is deleted, the key becomes unusable, and you cannot decrypt data encrypted with that key. Therefore, the best approach is to restore the EBS volume from a snapshot taken before the key material was deleted. This ensures that the data can be decrypted using the key material that was valid at the time of the snapshot.
upvoted 1 times
IPLogic
4 months, 2 weeks ago
Option C (Reimport the same key material that originally was imported into the key. Attach the EBS volume) is not feasible because AWS KMS does not allow re-importing the same key material into an existing key. Once the key material is deleted, the key becomes permanently unusable, and you cannot re-import the same key material to restore its functionality. Therefore, the best approach is to restore the EBS volume from a snapshot taken before the key material was deleted (Option B). This ensures that the data can be decrypted using the key material that was valid at the time of the snapshot.
upvoted 1 times
jdx000
4 months, 3 weeks ago
Selected Answer: C
C is the only possible way to try to decrypt if the key material was not lost.
upvoted 1 times
723993f
4 months, 3 weeks ago
Selected Answer: C
C] The only way is to import the deleted material if you still have it somewhere. B] does not work because snapshots are encrypted as well.
upvoted 1 times
DSExam
5 months, 2 weeks ago
Selected Answer: C
The snapshot will be encrypted with the same key that was deleted so decryption of the snapshot will be impossible. Importing the same key material as the deleted key will restore the ability to decrypt the volume.
upvoted 1 times
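The reimport path that the comments selecting C describe, as an added example that is not part of the original discussion or of AWS's own code: it triages a key from its DescribeKey metadata and, for a key with imported material waiting for import, runs the GetParametersForImport and ImportKeyMaterial sequence. The `kms` argument is assumed to be a boto3-style KMS client, `wrap_original_material` is a hypothetical caller-supplied helper, and the sample metadata is constructed.

```python
# Added example: triage of a KMS key that can no longer decrypt an EBS data key.
# Input is the "KeyMetadata" dict returned by the KMS DescribeKey API.

def recovery_action(meta):
    """Map a key's Origin/KeyState to the step that makes it usable again."""
    state, origin = meta["KeyState"], meta["Origin"]
    if state == "Enabled":
        return "usable"
    if state == "Disabled":
        return "enable-key"
    if state == "PendingDeletion":
        return "cancel-key-deletion"
    if state == "PendingImport" and origin == "EXTERNAL":
        # Imported key material was deleted or expired. The key itself
        # (ID, policy, grants) still exists and waits for its material.
        return "reimport-original-key-material"
    return "investigate"


def reimport(kms, key_id, wrap_original_material):
    """Reimport key material through a boto3-style KMS client (assumption).

    wrap_original_material(public_key) is a hypothetical helper that encrypts
    the retained copy of the ORIGINAL key material under the returned wrapping
    public key, using the wrapping algorithm requested below.
    """
    meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
    action = recovery_action(meta)
    if action != "reimport-original-key-material":
        return action  # nothing to import for this key state
    params = kms.get_parameters_for_import(
        KeyId=key_id,
        WrappingAlgorithm="RSAES_OAEP_SHA_256",
        WrappingKeySpec="RSA_2048",
    )
    kms.import_key_material(
        KeyId=key_id,
        ImportToken=params["ImportToken"],
        EncryptedKeyMaterial=wrap_original_material(params["PublicKey"]),
        ExpirationModel="KEY_MATERIAL_DOES_NOT_EXPIRE",
    )
    # Report the state after import so the caller knows when to retry the attach.
    return kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]


# Constructed sample: DescribeKey metadata after imported material was deleted.
SAMPLE_META = {"KeyId": "1234abcd-EXAMPLE", "Origin": "EXTERNAL",
               "KeyState": "PendingImport", "KeyManager": "CUSTOMER"}
```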