AWS SAA-C03 #36

这篇具有很好参考价值的文章主要介绍了AWS SAA-C03 #36。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

A company is building an application in the AWS Cloud. The application will store data in Amazon S3 buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt all data that is stored in the S3 buckets. The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.
Which solution will meet these requirements with the LEAST operational overhead?

A. Create an S3 bucket in each Region. Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Configure replication between the S3 buckets.
B. Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region. Configure replication between the S3 buckets. Configure the application to use the KMS key with client-side encryption.
C. Create a customer managed KMS key and an S3 bucket in each Region. Configure the S3 buckets to use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Configure replication between the S3 buckets.
D. Create a customer managed KMS key and an S3 bucket in each Region. Configure the S3 buckets to use server-side encryption with AWS KMS keys (SSE-KMS). Configure replication between the S3 buckets.


The solution that meets the requirements with the LEAST operational overhead is:

B. Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region. Configure replication between the S3 buckets. Configure the application to use the KMS key with client-side encryption.

Here’s why:

  1. Customer Managed Multi-Region KMS Key: This option uses a single customer managed KMS key that is designed to work across multiple AWS Regions. This means you don’t have to manage separate keys for each Region, reducing operational overhead.

  2. S3 Buckets in Each Region: It creates an S3 bucket in each Region, which is necessary for storing data in two AWS Regions.

  3. Replication: It configures replication between the S3 buckets. This ensures that data is synchronized across the two Regions, which is a requirement in this scenario.

  4. Client-Side Encryption with KMS Key: The application is configured to use the KMS key with client-side encryption. This means the application handles the encryption and decryption process using the specified KMS key.

Option A is not suitable because it uses Amazon S3 managed encryption keys (SSE-S3) which means AWS handles the encryption, but you require customer managed keys for your specific needs.

Option C is similar to Option A, using SSE-S3, and doesn’t involve customer managed keys, which is a requirement in this scenario.

Option D uses SSE-KMS, which would require managing separate KMS keys in each Region, increasing operational overhead.

Therefore, option B is the most suitable and least operationally intensive solution for this scenario.文章来源地址https://www.toymoban.com/news/detail-733037.html

到了这里,关于AWS SAA-C03 #36的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • AWS SAA-C03 #51

    A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning. Which combination of steps should a solutions architect take to mee

    2024年02月07日
    浏览(40)
  • AWS SAA-C03 #50

    A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability. What should a solutions architect do to meet these requirements? A. Create an AWS La

    2024年02月07日
    浏览(48)
  • AWS SAA-C03 #146

    A company runs a stateless web application in production on a group of Amazon EC2 On-Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight. Application usage is low during weekends. The company wants to minimize its EC2 costs

    2024年02月07日
    浏览(49)
  • AWS SAA-C03 #37

    A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework. Which solution will meet

    2024年02月07日
    浏览(42)
  • AWS认证SAA-C03每日一题

    本题库由云计算狂魔微信公众号分享。 【SAA-C03助理级解决方案架构师认证】 A company runs an application using Amazon ECS.The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission

    2024年02月11日
    浏览(46)
  • AWS SAA-C03考试知识点整理

    S3: 不用于 数据库 功能 分类: S3 Standard :以便频繁访问 S3 Standard-IA 或 S3 One Zone-IA : 不经常访问的数据 Glacier: 最低的成本归档数据 S3 Intelligent-Tiering智能分层 :存储具有不断变化或未知访问模式的数据 S3 存储 也可用于静态网站托管 bucket名::amazonaws.com S3 存储 L ens :

    2024年02月08日
    浏览(47)
  • AWS SAA-C03考试题库(11 - 20)

        A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to accomplish this goal?  

    2024年03月12日
    浏览(57)
  • AWS-SAA-C03认证——之基础知识扫盲

    AWS认证考试是什么?有什么用? AWS认证(AWS Certification )是AWS针对云计算行业从业者推出的一套认证体系;学员可以通过获得业内认可的证书来证明您的 AWS 云技能并提高您的信用度。 AWS官网关于认证体系的介绍页面:https://aws.amazon.com/cn/certification/ 目前,AWS在全球云计算市

    2024年01月17日
    浏览(50)
  • AWS SAA C003 #29

    A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has deployments across multiple AWS Regions. The company needs to route users to the Region with the lowest latency. The company also needs automated failover between Regions.

    2024年02月08日
    浏览(32)
  • AWS SAA知识点整理(作成中)

    一些信息已经更新了,但参考题的答案还是旧的。 比如: S3的最大读写性能已经提高到 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second 并且不再要求使用random prefix 题目中有时候会让选择 Not violation 不合适的一项,必须注意。 为了提高读取的performance: For example, your applica

    2024年02月07日
    浏览(64)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包