
SAP-C02 Exam - Question 494


A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt data. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket.

The company replicates the S3 bucket to other Regions. A solutions architect must design a solution so that the application can encrypt and decrypt data across Regions. The application must use the same key to decrypt the data in each Region.

Which solution will meet these requirements?

Correct Answer: A

To meet the requirement of encrypting and decrypting data across Regions using the same key, the best solution is to use AWS KMS multi-Region keys. By creating a KMS multi-Region primary key and then creating replica keys in each additional Region, the application can use the same key material in every Region. This approach ensures that data encrypted in one Region can be decrypted in any other Region where the replica key is used. This solution satisfies the security policy of encrypting data before storing it in S3 and allows the application to decrypt it in any Region.
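The flow described above, as an added boto3 example that is not part of the original page: create a multi-Region primary key, replicate it, encrypt before the S3 upload, and decrypt in another Region with the related replica. The function names and the practice of passing the KMS and S3 clients in as arguments are assumptions of this example.

```python
# Added example. Function names are assumptions; kms/s3 arguments are boto3
# clients (boto3.client("kms", region_name=...), boto3.client("s3", ...)).

def replica_arn(primary_arn: str, region: str) -> str:
    """Return the ARN of the related multi-Region key in `region`.

    A multi-Region key has the same key ID (prefix "mrk-") in every Region,
    so only the Region field of the ARN differs.
    """
    parts = primary_arn.split(":", 5)  # arn:partition:kms:region:account:key/<id>
    if len(parts) != 6 or parts[2] != "kms" or not parts[5].startswith("key/mrk-"):
        raise ValueError("not a multi-Region KMS key ARN")
    parts[3] = region
    return ":".join(parts)


def create_multi_region_key(kms_primary, replica_regions) -> str:
    """Create the primary key, then request a replica in each other Region."""
    meta = kms_primary.create_key(MultiRegion=True, Description="app data key")
    arn = meta["KeyMetadata"]["Arn"]
    for region in replica_regions:
        # ReplicateKey must be called in the primary key's Region.
        kms_primary.replicate_key(KeyId=arn, ReplicaRegion=region)
    return arn


def put_encrypted(kms, s3, key_arn, bucket, name, data: bytes) -> None:
    """Encrypt in the application, so S3 only ever receives ciphertext."""
    # KMS Encrypt accepts at most 4096 bytes of plaintext per call.
    blob = kms.encrypt(KeyId=key_arn, Plaintext=data)["CiphertextBlob"]
    s3.put_object(Bucket=bucket, Key=name, Body=blob)


def get_decrypted(kms, s3, key_arn, bucket, name) -> bytes:
    """Read a (replicated) object and decrypt it with the local key."""
    blob = s3.get_object(Bucket=bucket, Key=name)["Body"].read()
    # Passing KeyId makes KMS reject ciphertext made under an unrelated key.
    return kms.decrypt(CiphertextBlob=blob, KeyId=key_arn)["Plaintext"]
```

In a second Region, call `get_decrypted` with a KMS client for that Region and `replica_arn(primary_arn, region)` as the key.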

Discussion

2 comments
ebbff63 Option: A
Jun 27, 2024

A - straightforward: encryption and decryption across Regions using a multi-Region key

AhmedSalem Option: A
Jul 3, 2024

Answer A. AWS KMS multi-Region keys allow you to replicate keys across multiple Regions, ensuring that the same key material is available in each Region.