New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A company is developing a highly resilient application to be hosted on multiple Amazon EC2...

Amazon Web Services SCS-C02 Full Course Access
Amazon Web Services SCS-C02 View All Questions

A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances . The application will store highly sensitive user data in Amazon RDS tables

The application must

• Include migration to a different IAM Region in the application disaster recovery plan.

• Provide a full audit trail of encryption key administration events

• Allow only company administrators to administer keys.

• Protect data at rest using application layer encryption

A Security Engineer is evaluating options for encryption key management

Why should the Security Engineer choose IAM CloudHSM over IAM KMS for encryption key management in this situation?

A.

The key administration event logging generated by CloudHSM is significantly moreextensive than IAM KMS.

B.

CloudHSM ensures that only company support staff can administer encryption keys, whereas IAM KMS allows IAM staff to administer keys

C.

The ciphertext produced by CloudHSM provides more robust protection against brute force decryption attacks than the ciphertext produced by IAM KMS

D.

CloudHSM provides the ability to copy keys to a different Region, whereas IAM KMS does not

SCS-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C02 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A Security Engineer has been tasked with enabling IAM Security Hub to monitor Amazon EC2...
A security team is responsible for reviewing AWS API call activity in the cloud environment...
Previous