Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
Your recent security review revealed a large spike in attempted logins to your AWS account. With respect to sensitive data stored in encryption enabled S3, the data has not been encrypted and is susceptible to fraud if it were to be stolen. You’ve recommended AWS Key Management Service as a solution. Which of the following is true regarding how KMS operates?
A. Only KMS generated keys can be used to encrypt or decrypt data
B. Data is encrypted at rest
C. KMS allows all users and roles use of the keys by default
D. Data is decrypted in transit
Explanation:
Answer: B
- B. Data is encrypted at rest; meaning data is encrypted once uploaded to S3. Encryption while in transit is handled by SSL or by using client-side encryption.
Incorrect:
- A. Data can be encrypted/decrypted using AWS keys or keys provided by your company
- C. Users are granted permissions explicitly, not by default by KMS
- D. Data is not decrypted in transit (while moving to and from S3). Data is encrypted or decrypted while in S3 and then while in transit can be encrypted using SSL.
Reference:
- https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
- ttps://d1.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf
- https://aws.amazon.com/kms/faqs/
- https://docs.aws.amazon.com/general/latest/gr/rande.html#kms_region
- https://www.slideshare.net/AmazonWebServices/encryption-and-key-management-in-aws
Comments are closed, but trackbacks and pingbacks are open.