ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 252 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 252
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A security engineer must develop an encryption tool for a company. The company requires a cryptographic solution that supports the ability to perform cryptographic erasure on all resources protected by the key material in 15 minutes or less.
Which Aws Key Management Service (AWS KMS) key solution will allow the security engineer to meet these requirements?

  • A. Use imported key material with CMK.
  • B. Use an AWS KMS CMK.
  • C. Use an AWS managed CMK.
  • D. Use an AWS KMS customer managed CMK.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by stamford at Aug. 25, 2021, 1:20 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Igloo
Highly Voted 3 years, 8 months ago
A Reference: https://aws.amazon.com/kms/faqs/ , question "Q: Can I delete a key from AWS KMS?"
upvoted 9 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: A
Correct answer is A. To be able to expire/delete a KMS key at any time, importing key material will allow you this.
upvoted 1 times
...
pal40sg
2 years, 1 month ago
Selected Answer: A
A: Use imported key material with CMK. When using imported key material with a customer managed CMK (CMK), you have full control over the key material and can securely delete it when needed.
upvoted 2 times
...
ITGURU51
2 years, 2 months ago
The word play is a little tricky here. The question is asking the security engineer to implement an encryption tool that will render the data protected by the key unreadable. A
upvoted 1 times
...
Balki
2 years, 7 months ago
Selected Answer: A
You can use an imported key to get greater control over the creation, lifecycle management, and durability of your key in AWS KMS. Imported keys are designed to help you meet your compliance requirements which may include the ability to generate or maintain a secure copy of the key in your infrastructure, and the ability to immediately delete the imported copy of the key from AWS infrastructure.
upvoted 1 times
...
sapien45
2 years, 10 months ago
Selected Answer: A
''ability to perform cryptographic erasure on all resources protected by the key material '' question dicsuss the ability to immediatly delete data, not key But A is the reponse
upvoted 1 times
...
TollaMS
3 years, 8 months ago
Q: When would I use an imported key? You can use an imported key to get greater control over the creation, lifecycle management, and durability of your key in AWS KMS. Imported keys are designed to help you meet your compliance requirements which may include the ability to generate or maintain a secure copy of the key in your infrastructure, and the ability to immediately delete the imported copy of the key from AWS infrastructure. The answer is A
upvoted 4 times
...
kiev
3 years, 8 months ago
A. With imported key you can delete or erase your data any time you want.
upvoted 2 times
...
fais1985
3 years, 8 months ago
C is correct
upvoted 1 times
...
dumma
3 years, 9 months ago
A is correct
upvoted 1 times
...
stamford
3 years, 9 months ago
I hope its A..
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel