New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAP-C02 Exam - Topic 2 Question 48 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 48
Topic #: 2
[All SAP-C02 Questions]

A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt dat

a. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket.

The company replicates the S3 bucket to other Regions. A solutions architect must design a solution so that the application can encrypt and decrypt data across Regions. The application must use the same key to decrypt the data in each Region.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Cassi at Jan 13, 2025, 06:44 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Matthew
3 months ago
I thought KMS keys were region-specific, how does A work?
upvoted 0 times
...
Ronnie
3 months ago
Wait, can you really replicate keys like that? Sounds risky!
upvoted 0 times
...
Derrick
3 months ago
B seems simpler, but it doesn't meet the multi-Region requirement.
upvoted 0 times
...
Veronika
4 months ago
Totally agree, A makes it easy to manage keys across Regions!
upvoted 0 times
...
Elvera
4 months ago
A is the best option for multi-Region KMS keys.
upvoted 0 times
...
Katie
4 months ago
Option D seems risky to me. Storing key material in Parameter Store could expose it, and I don't think it's the best practice for security.
upvoted 0 times
...
Staci
4 months ago
I practiced a similar question about KMS and S3, and I feel like option C is off-topic since it talks about certificates rather than encryption keys.
upvoted 0 times
...
Amie
4 months ago
I'm not entirely sure, but I think option B might not meet the requirement of using the same key across Regions. It seems like it would create separate keys instead.
upvoted 0 times
...
Gilma
5 months ago
I remember studying about KMS multi-Region keys, so option A sounds familiar. I think it allows for seamless encryption across Regions.
upvoted 0 times
...
Marjory
5 months ago
I'm not sure about using the Parameter Store to store the key material. That seems a bit risky to me. I'd be more comfortable with the multi-Region primary key approach.
upvoted 0 times
...
Ronna
5 months ago
Okay, I think I've got a handle on this. The key is to use a multi-Region primary key and create replica keys in each Region. That way the app can use the same key to encrypt and decrypt data.
upvoted 0 times
...
Leonardo
5 months ago
Hmm, I'm a bit confused by the multi-Region aspect. I'll need to make sure I understand how KMS keys and replication work across Regions.
upvoted 0 times
...
Thaddeus
5 months ago
This looks like a tricky one. I'll need to carefully read through the requirements and think through the different options.
upvoted 0 times
...
Willard
1 year ago
Ha! I bet the guy who wrote option B is the same one who thought 'just create a new key in each Region' was a good idea. That's like the IT version of 'have you tried turning it off and on again?'
upvoted 0 times
...
Dan
1 year ago
Option D is interesting, but storing the key material in Parameter Store? That could get messy and might not be as secure as using KMS directly.
upvoted 0 times
Loise
1 year ago
I agree, Option A seems like the most secure and efficient solution. Creating a KMS multi-Region primary key and replica keys in each Region makes sense.
upvoted 0 times
...
Ernest
1 year ago
Option D is definitely not the best choice for this scenario. Storing key material in Parameter Store can be risky.
upvoted 0 times
...
...
Tyisha
1 year ago
Option A all the way. Multi-Region KMS keys is the only way to go if you want to keep things simple and secure. Plus, it's the AWS-recommended solution, so it's gotta be good, right?
upvoted 0 times
...
Charlena
1 year ago
Option A seems like the way to go. Using a multi-Region primary key and replica keys in each Region sounds like the best approach to ensure data can be decrypted across Regions.
upvoted 0 times
Chandra
1 year ago
Updating the application code to use specific replica keys in each Region is key to maintaining data security.
upvoted 0 times
...
Elli
1 year ago
It's important to ensure that the application can access the same key in each Region for decryption.
upvoted 0 times
...
Lyda
1 year ago
Creating a multi-Region primary key and replica keys will definitely help with decrypting data across Regions.
upvoted 0 times
...
Katy
1 year ago
I agree, Option A seems like the most efficient solution.
upvoted 0 times
...
...
Kerrie
1 year ago
But option A ensures that the application uses the same key to decrypt data in each Region, which is important for consistency.
upvoted 0 times
...
Dell
1 year ago
I disagree, I believe option B is more practical as it creates a new customer managed KMS key in each Region.
upvoted 0 times
...
Kerrie
1 year ago
I think option A is the best solution because it allows for a multi-Region primary key and replica key in each additional Region.
upvoted 0 times
...

Save Cancel