Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

The company must encrypt finance reports that are stored in an Amazon S3 bucket.

Amazon Web Services SAA-C03 Full Course Access
Amazon Web Services SAA-C03 View All Questions

The company must encrypt finance reports that are stored in an Amazon S3 bucket. An AWS Lambda function must be able to decrypt the reports dynamically. An IAM group that the company ' s security administrators use must manage the encryption keys. The IAM group must manage key rotation, deletion, and creation. The company must grant access to the keys according to the principle of least privilege.

Which solution will meet these requirements?

A.

Use server-side encryption with Amazon S3 managed keys SSE-S3 to encrypt the reports in the S3 bucket. Use IAM policies to allow the Lambda function execution role to decrypt the reports.

B.

Use customer managed AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the files. Use IAM policies to grant the security administrator IAM group permissions to perform only kms:CreateKey, kms:DeleteKey, and kms:RotateKey actions on KMS keys.

C.

Use server-side encryption with AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the reports. Grant the security administrator IAM group permissions to generate KMS keys.

D.

Use customer-managed AWS KMS keys to encrypt the reports in the S3 bucket. Grant the Lambda function execution role and the security administrator IAM group full access to perform all transactions on KMS keys.

SAA-C03 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SAA-C03 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A company is performing a security review of its Amazon EMR API usage.
A company wants to protect AWS-hosted resources, including Application Load Balancers and CloudFront distributions.
Previous