A company uses the Amazon Kinesis SDK to write data to Kinesis Data Streams. Compliance requirements state that the data must be encrypted at rest using a key that can be rotated. The company wants to meet this encryption requirement with minimal coding effort.
How can these requirements be met?
A . Create a customer master key (CMK) in AWS KM
B . Assign the CMK an alias. Use the AWS Encryption SDK, providing it with the key alias to encrypt and decrypt the data.
C . Create a customer master key (CMK) in AWS KM
D . Assign the CMK an alias. Enable server-side encryption on the Kinesis data stream using the CMK alias as the KMS master key.
E . Create a customer master key (CMK) in AWS KM
F . Create an AWS Lambda function to encrypt and decrypt the data. Set the KMS key ID in the function’s environment variables.
G . Enable server-side encryption on the Kinesis data stream using the default KMS key for Kinesis Data Streams.
Answer: B
Explanation:
Reference: https://aws.amazon.com/kinesis/data-streams/faqs/
Leave a Reply