Q33 — AWS SAA-C03 Ch.4

Question 33 of 105 | ← Chapter 4

Q228. A company is building an application in the AWS Cloud. The application will store data in Amazon S3buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt all data that is stored in the S3 buckets The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.Which solution will meet these requirements with the LEAST operational overhead?

Correct Answer: B. Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region Configure replication between the S3buckets. Configure the application to use the KMS key with client-side encryption.