Examice

Exam SAP-C02 All QuestionsBrowse all questions from this exam

Question 481

A company needs to use an AWS Transfer Family SFTP-enabled server with an Amazon S3 bucket to receive updates from a third-party data supplier. The data is encrypted with Pretty Good Privacy (PGP) encryption. The company needs a solution that will automatically decrypt the data after the company receives the data.

A solutions architect will use a Transfer Family managed workflow. The company has created an IAM service role by using an IAM policy that allows access to AWS Secrets Manager and the S3 bucket. The role’s trust relationship allows the transfer amazonaws.com service to assume the role.

What should the solutions architect do next to complete the solution for automatic decryption?

Store the PGP public key in Secrets Manager. Add a nominal step in the Transfer Family managed workflow to decrypt files. Configure PGP encryption parameters in the nominal step. Associate the workflow with the Transfer Family server.

Store the PGP private key in Secrets Manager. Add an exception-handling step in the Transfer Family managed workflow to decrypt files. Configure PGP encryption parameters in the exception handler. Associate the workflow with the SFTP user.

Store the PGP private key in Secrets Manager. Add a nominal step in the Transfer Family managed workflow to decrypt files. Configure PGP decryption parameters in the nominal step. Associate the workflow with the Transfer Family server.

Store the PGP public key in Secrets Manager. Add an exception-handling step in the Transfer Family managed workflow to decrypt files. Configure PGP decryption parameters in the exception handler. Associate the workflow with the SFTP user.

Correct Answer: C

To automatically decrypt the data received via the AWS Transfer Family SFTP server, the PGP private key must be stored in AWS Secrets Manager since it is needed for decryption. A nominal step in the Transfer Family managed workflow should be added to handle the decryption process. The decryption parameters should be configured in this step, and then the workflow should be associated with the Transfer Family server to ensure the decryption happens as part of the managed workflow. Storing the public key is incorrect for decryption purposes because the private key is required to decrypt data encrypted with PGP.

Discussion

zapper1234

The answer should be "C" because you store the "private" key in Secrets Manager

gfhbox0083

C, for sure. In the context of AWS Transfer Family managed workflows, a ""nominal step"" refers to one of the predefined steps that you can include in a managed workflow to automate file transfer and processing tasks. An ""exception-handling step"" is a specific type of step designed to handle errors or exceptions that occur during the execution of a workflow.

mark_232323Option: C

C correct

dzhang344Option: C

C, for sure.

grandcanyonOption: C

C is correct b/c private key is what is required for decryption

HelpnosenseOption: C

Agree with Zapper1234 plus the permission is granted to transfer family server.