Explanation:
The correct answer is B. AWS KMS multi-Region customer managed keys allow encryption and decryption across multiple AWS Regions using the same key. This reduces operational overhead compared to configuring individual keys in each Region. Option B ensures seamless replication and encryption/decryption processes while maintaining a single customer managed multi-Region KMS key, which aligns with the requirement for minimal operational overhead.
Ultimate access to all questions.
In an AWS Cloud application, data is stored across S3 buckets in two different Regions. The requirement is to encrypt data using a single AWS KMS customer managed key, ensuring the key is accessible in both Regions with minimal operational overhead. What is the most efficient solution?
A
Establish S3 buckets in each Region with SSE-S3 and enable replication.
B
Utilize a multi-Region customer managed KMS key, create S3 buckets, and implement client-side encryption with replication.
C
Create a customer managed KMS key and S3 buckets with SSE-S3, and set up replication.
D
Deploy a customer managed KMS key and S3 buckets, applying SSE-KMS for encryption, and configure replication.
No comments yet.