A company’s data lake uses Amazon S3 and Amazon Athena. The company’s security engineer has been asked to design an encryption solution that meets the company’s data protection requirements. The encryption solution must work with Amazon S3 and keys managed by the company. The encryption solution must be protected in a hardware security module that is validated to Federal Information Processing Standards (FIPS) 140-2 Level 3. Which solution meets these requirements?

Topic #: - All AWS Certified Security - Specialty Questions

A. Use client-side encryption with an AWS KMS customer-managed key implemented with the AWS Encryption SDK.
B. Use AWS CloudHSM to store the keys and perform cryptographic operations. Save the encrypted text in Amazon S3.
C. Use an AWS KMS customer-managed key that is backed by a custom key store using AWS CloudHSM.
D. Use an AWS KMS customer-managed key with the bring your own key (BYOK) feature to import a key stored in AWS CloudHSM.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion