Answer-first summary for fast verification
Answer: By setting up the Lambda with a role and key policy for AWS KMS key access to generate data keys for encryption.
The correct answer is B. AWS Key Management Service (KMS) allows secure management and use of encryption keys. In this scenario, the Lambda function can use an AWS KMS key to generate data keys that encrypt and decrypt data before writing it to the /tmp storage. This method ensures that the temporary data is encrypted while adhering to security best practices required for sensitive applications like healthcare.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a serverless healthcare application, how should temporary data written to /tmp storage on an AWS Lambda function be encrypted?
A
By enabling Amazon EBS volume encryption with an AWS KMS key in the Lambda configuration.
B
By setting up the Lambda with a role and key policy for AWS KMS key access to generate data keys for encryption.
C
By generating a symmetric encryption key using OpenSSL on Lambda startup for data encryption before writing to /tmp.
D
By using an on-premises HSM to generate keys, requesting a data key from the HSM for encrypting data on Lambda function requests.
No comments yet.