Answer-first summary for fast verification
Answer: Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
## Explanation **Correct Answer: B - Use AWS Key Management Service (AWS KMS) to protect the encryption keys.** AWS KMS is specifically designed to reduce the operational burden of key management by providing a fully managed service for creating and controlling encryption keys. Here's why: ### Why AWS KMS is the Best Choice: 1. **Fully Managed Service**: AWS KMS handles the underlying infrastructure, security, and maintenance of encryption keys, reducing operational overhead. 2. **Scalability**: It automatically scales to meet the needs of multiple developers and applications. 3. **Integration**: Seamlessly integrates with other AWS services and developer applications. 4. **Compliance**: Provides built-in compliance features and audit trails through AWS CloudTrail. 5. **Key Rotation**: Supports automatic key rotation to maintain security without manual intervention. ### Why Other Options Are Not Ideal: **A. Use multi-factor authentication (MFA) to protect the encryption keys.** - While MFA enhances security, it doesn't reduce operational burden for key management infrastructure. - MFA is an authentication mechanism, not a key management solution. **C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.** - ACM is designed for SSL/TLS certificates, not general-purpose encryption key management. - ACM doesn't provide the same level of key management features as AWS KMS. **D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.** - IAM policies control access but don't manage the encryption keys themselves. - This approach would still require manual key management infrastructure. ### Key Benefits of AWS KMS: - **Centralized Key Management**: Single place to create, manage, and audit encryption keys - **Automated Operations**: Reduces manual key management tasks - **Developer-Friendly**: Provides APIs and SDKs for easy integration into applications - **Cost-Effective**: Pay-per-use model with no upfront costs - **High Availability**: Built on AWS's highly available infrastructure By using AWS KMS, the solutions architect can provide developers with a secure, scalable, and operationally efficient key management solution that integrates seamlessly with their applications while maintaining compliance and security standards.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications. What should a solutions architect do to reduce the operational burden?
A
Use multi-factor authentication (MFA) to protect the encryption keys.
B
Use AWS Key Management Service (AWS KMS) to protect the encryption keys.
C
Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.
D
Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.