AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Create an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest encryption for the S3 bucket. Specify the Amazon S3 path of the PEM file for in-transit encryption. Use the security configuration during EMR cluster creation.

Option C is CORRECT because Amazon EMR security configurations allow you to define encryption settings for data at rest and in transit. By specifying the AWS KMS key for at-rest encryption for the S3 bucket and the Amazon S3 path of the PEM file for in-transit encryption within a single security configuration, you meet both encryption requirements effectively. This configuration is then used during the creation of the EMR cluster, ensuring data security without requiring additional configurations.

Author: Ritesh Yadav

Quick Answer

Answer-first summary for fast verification

Author: Ritesh Yadav

Comments (0)

No comments yet.

Question 27/58

A data engineer is launching an Amazon EMR cluster. The data that the data engineer needs to load into the new cluster is currently in an Amazon S3 bucket. The data engineer needs to ensure that data is encrypted both at rest and in transit.

The data that is in the S3 bucket is encrypted by an AWS Key Management Service (AWS KMS) key. The data engineer has an Amazon S3 path that has a Privacy Enhanced Mail (PEM) file.

Which solution will meet these requirements?

Exam-Like

Community

RRitesh

Last updated: May 2, 2026 at 06:21

Create an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest encryption for the S3 bucket. Create a second security configuration. Specify the Amazon S3 path of the PEM file for in-transit encryption. Create the EMR cluster, and attach both security configurations to the cluster.

Create an Amazon EMR security configuration. Specify the appropriate AWS KMS key for local disk encryption for the S3 bucket. Specify the Amazon S3 path of the PEM file for in-transit encryption. Use the security configuration during EMR cluster creation.

Create an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest encryption for the S3 bucket. Specify the Amazon S3 path of the PEM file for in-transit encryption. Use the security configuration during EMR cluster creation.

Create an Amazon EMR security configuration. Specify the appropriate AWS KMS key for at-rest encryption for the S3 bucket. Specify the Amazon S3 path of the PEM file for in-transit encryption. Create the EMR cluster, and attach the security configuration to the cluster.