Answer-first summary for fast verification
Answer: Use data key caching. Use the local cache that the AWS Encryption SDK provides with a caching cryptographic materials manager.
The correct answer is B: Use data key caching. The reason for this is that data key caching allows for improved performance, reduced costs, and helps ensure that your key usage does not get throttled as it increases. The AWS Encryption SDK provides a local cache with a caching cryptographic materials manager which can be used to handle frequent encryption requests efficiently. This approach optimizes both the performance and cost associated with using AWS KMS in client-side encryption scenarios.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company is utilizing AWS Key Management Service (AWS KMS) for data-at-rest encryption and requires client-side encryption for its projects. Due to increased testing of AWS KMS usage across multiple projects, there has been a significant surge in AWS resource consumption, with applications issuing frequent encryption requests to KMS endpoints. The company seeks a solution that ensures unthrottled AWS KMS usage, enhances key management for client-side encryption, and is cost-effective. Which solution meets these criteria?
A
Use keyrings with the AWS Encryption SDK. Use each keyring individually or combine keyrings into a multi-keyring. Decrypt the data by using a keyring that has the primary key in the multi-keyring.
B
Use data key caching. Use the local cache that the AWS Encryption SDK provides with a caching cryptographic materials manager.
C
Use KMS key rotation. Use a local cache in the AWS Encryption SDK with a caching cryptographic materials manager.
D
Use keyrings with the AWS Encryption SDK. Use each keyring individually or combine keyrings into a multi-keyring. Use any of the wrapping keys in the multi-keyring to decrypt the data.