
Answer-first summary for fast verification
Answer: Store the encrypted key from GenerateDataKey API for later decryption and use the provided plaintext key with a symmetric algorithm to encrypt the PDF.
Option A is the correct method for encrypting the PDF file using AWS KMS. The GenerateDataKey API returns both a plaintext data key and an encrypted data key. The plaintext data key should be used with a symmetric encryption algorithm to encrypt the PDF file. The encrypted data key should be stored securely to be used later for decryption. This approach ensures that the plaintext key is not stored on disk, maintaining higher security for the sensitive data stored within the PDF.
Author: LeetQuiz Editorial Team
A developer is creating an application to retrieve and format sensitive data into a PDF, potentially over 1 MB, using AWS KMS for encryption. Which method should be used to encrypt the PDF with a symmetric customer-managed KMS key, ensuring it can be decrypted later?
A. Store the encrypted key from GenerateDataKey API for later decryption and use the provided plaintext key with a symmetric algorithm to encrypt the PDF.
B. Store the plaintext key from GenerateDataKey API for later decryption and use the encrypted key with a symmetric algorithm to encrypt the PDF.
C. Store the encrypted key from GenerateDataKey API for later decryption and use the plaintext key to encrypt the PDF via the KMS Encrypt API.
D. Store the plaintext key from GenerateDataKey API for later decryption and use the encrypted key to encrypt the PDF via the KMS Encrypt API.