A company wants to migrate a workload to AWS. The chief information security officer requires that all data be encrypted at rest when stored in the cloud. The company wants complete control of encryption key lifecycle management.
The company must be able to immediately remove the key material and audit key usage independently of AWS CloudTrail. The chosen services should integrate with other storage services that will be used on AWS.
Which services satisfies these security requirements?

A. AWS CloudHSM with the CloudHSM client

B. AWS Key Management Service (AWS KMS) with AWS CloudHSM

C. AWS Key Management Service (AWS KMS) with an external key material origin

D. AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)








 

Suggested Answer: A

Community Answer: B




This question is in SAA-C02 AWS Certified Solutions Architect – Associate Exam
For getting AWS Certified Solutions Architect – Associate Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.