A developer is creating an application to retrieve and format sensitive data into a PDF, potentially over 1 MB, using AWS KMS for encryption. Which method should be used to encrypt the PDF with a symmetric customer-managed KMS key, ensuring it can be decrypted later?

Exam-Like

Store the encrypted key from GenerateDataKey API for later decryption and use the provided plaintext key with a symmetric algorithm to encrypt the PDF.

44.6%

Store the plaintext key from GenerateDataKey API for later decryption and use the encrypted key with a symmetric algorithm to encrypt the PDF.

14.3%

Store the encrypted key from GenerateDataKey API for later decryption and use the plaintext key to encrypt the PDF via the KMS Encrypt API.

26.8%

Store the plaintext key from GenerateDataKey API for later decryption and use the encrypted key to encrypt the PDF via the KMS Encrypt API.

14.3%

AWS Certified Developer - Associate

Get started today

Comments

A developer is creating an application to retrieve and format sensitive data into a PDF, potentially over 1 MB, using AWS KMS for encryption. Which method should be used to encrypt the PDF with a symmetric customer-managed KMS key, ensuring it can be decrypted later?