Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 216 discussion

A company runs a cron job on an Amazon EC2 instance on a predefined schedule. The cron job calls a bash script that encrypts a 2 KB file. A security engineer creates an AWS Key Management Service (AWS KMS) customer managed key with a key policy. The key policy and the EC2 instance role have the necessary configuration for this job.

Which process should the bash script use to encrypt the file?

  • A. Use the aws kms encrypt command to encrypt the file by using the existing KMS key.
  • B. Use the aws kms create-grant command to generate a grant for the existing KMS key.
  • C. Use the aws kms encrypt command to generate a data key. Use the plaintext data key to encrypt the file.
  • D. Use the aws kms generate-data-key command to generate a data key. Use the encrypted data key to encrypt the file.
Suggested Answer: A

Comments

nznzwell
2 weeks, 2 days ago
Selected Answer: A
D is not correct: "Use the encrypted data key to encrypt the file." You need to use the plaintext data key to encrypt the file, not the encrypted data key. A is the correct answer.
upvoted 1 times
...
TareDHakim
1 month ago
Selected Answer: D
Option A could encrypt the 2 KB file in this scenario, however, this approach is less efficient for frequent encryption operations and does not use envelope encryption, which is more scalable and secure.
upvoted 2 times
...
Pmktechno
1 month, 1 week ago
Selected Answer: D
Generate a Data Key: The aws kms generate-data-key command generates a data key that includes both a plaintext version and an encrypted version of the key. Encrypt the File: Use the plaintext data key to encrypt the 2 KB file. Store the Encrypted Data Key: Store the encrypted data key alongside the encrypted file. This allows the file to be decrypted later using the encrypted data key and the KMS key. This approach is efficient and secure, as it leverages the strengths of both KMS for key management and local encryption for performance.
upvoted 2 times
...
723993f
2 months, 1 week ago
Selected Answer: A
2 KB file only, no need for grant, no need for data key
upvoted 2 times
...
DSExam
3 months ago
Selected Answer: A
The file of 2k is well within the 4k limit of the AWS KMS encrypt command
upvoted 2 times
...
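
Added example, not part of the original question or of any comment above: a bash function a cron script could use for the direct `aws kms encrypt` path from option A, with a guard for the 4,096-byte plaintext limit the comments refer to. The function name, return codes and any key alias or file paths passed to it are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). kms_encrypt_file and its
# return codes are hypothetical names chosen for this illustration.

KMS_MAX_PLAINTEXT=4096   # byte limit for a direct Encrypt call with a symmetric KMS key

# kms_encrypt_file KEY_ID INFILE OUTFILE
# Encrypts INFILE directly under the KMS key and writes the raw ciphertext to OUTFILE.
# Returns 2 if INFILE is too large for a direct Encrypt call, 1 on any other error.
kms_encrypt_file() {
  local key_id="$1" infile="$2" outfile="$3" size tmp
  [ -r "$infile" ] || { echo "cannot read $infile" >&2; return 1; }
  size=$(wc -c < "$infile") || return 1
  size=$((size))   # normalise padding that some wc implementations emit
  if [ "$size" -gt "$KMS_MAX_PLAINTEXT" ]; then
    echo "$infile is $size bytes, over the ${KMS_MAX_PLAINTEXT}-byte limit" >&2
    return 2
  fi
  # mktemp creates the file with mode 0600; write there first so a failed
  # call never leaves a partial or empty OUTFILE behind.
  tmp=$(mktemp "${outfile}.XXXXXX") || return 1
  # fileb:// sends the file as raw bytes; CiphertextBlob is returned base64-encoded.
  # The -s check catches a failed aws call, which produces no output to decode.
  if aws kms encrypt --key-id "$key_id" --plaintext "fileb://$infile" \
        --query CiphertextBlob --output text | base64 --decode > "$tmp" \
     && [ -s "$tmp" ]; then
    mv "$tmp" "$outfile"
  else
    rm -f "$tmp"
    return 1
  fi
}
```

The instance role needs `kms:Encrypt` on the key for this call; a non-zero return code lets the cron job log the failure instead of silently leaving the file unencrypted.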