Exam AWS Certified Security - Specialty topic 1 question 328 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 328
Topic #: 1

A company runs a cron job on an Amazon EC2 instance on a predefined schedule. The cron job calls a bash script that encrypts a 2 KB file. A security engineer creates an AWS Key Management Service (AWS KMS) CMK with a key policy. The key policy and the EC2 instance role have the necessary configuration for this job.

Which process should the bash script use to encrypt the file?

  • A. Use the aws kms encrypt command to encrypt the file by using the existing CMK.
  • B. Use the aws kms create-grant command to generate a grant for the existing CMK.
  • C. Use the aws kms encrypt command to generate a data key. Use the plaintext data key to encrypt the file.
  • D. Use the aws kms generate-data-key command to generate a data key. Use the encrypted data key to encrypt the file.
Suggested Answer: A

Comments

D2
Highly Voted 2 years, 5 months ago
Selected Answer: A
Answer A: data size is less than 4 KB, hence the below should work: https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html
upvoted 9 times
...
Toptip
Most Recent 1 year, 11 months ago
Selected Answer: A
A 'aws kms encrypt' command should be used for data less than 4KB
upvoted 1 times
...
sakibmas
2 years, 4 months ago
Selected Answer: A
"aws kms encrypt" Encrypts plaintext of up to 4,096 bytes using a KMS key. Reference: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/kms/encrypt.html
upvoted 1 times
...
luis12345
2 years, 4 months ago
Selected Answer: A
If the data to be encrypted is smaller than 4KB, there is no need to generate a new DataKey. It can be done directly with the CMK.
upvoted 2 times
...
Blueocean
2 years, 5 months ago
I would prefer option A to option D https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html
upvoted 2 times
...
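
The approach the commenters describe (option A), as an added bash sketch that is not part of the original page or of AWS's own samples: it enforces the 4,096-byte limit quoted above before calling `aws kms encrypt`, and never leaves a partial ciphertext behind on failure. The function names, key ID and file paths are placeholders assumed for this example.

```shell
#!/usr/bin/env bash
# Added example: direct KMS encryption of a small file from a cron-driven script.
# Function names, key ID and paths are placeholders, not values from the page.

KMS_MAX_PLAINTEXT=4096   # byte limit for `aws kms encrypt`, as quoted in the comments

# Succeeds only if the file exists, is non-empty, and fits in one Encrypt call.
fits_kms_encrypt() {
  local file="$1" size
  [ -f "$file" ] || return 2
  size=$(wc -c < "$file") || return 2
  [ "$size" -gt 0 ] && [ "$size" -le "$KMS_MAX_PLAINTEXT" ]
}

# encrypt_small_file <key-id> <plaintext-file> <ciphertext-file>
encrypt_small_file() {
  local key_id="$1" src="$2" dst="$3" tmp
  if ! fits_kms_encrypt "$src"; then
    echo "refusing: $src is missing, empty, or over $KMS_MAX_PLAINTEXT bytes" >&2
    return 1
  fi
  # Write to a private temp file first so a failed call never leaves a
  # truncated ciphertext at the destination path.
  tmp=$(umask 077; mktemp "${dst}.XXXXXX") || return 1
  # fileb:// sends the raw bytes; CiphertextBlob comes back base64-encoded.
  # The -s check catches a failed CLI call, which yields an empty file.
  if aws kms encrypt \
        --key-id "$key_id" \
        --plaintext "fileb://$src" \
        --query CiphertextBlob \
        --output text | base64 --decode > "$tmp" && [ -s "$tmp" ]; then
    mv "$tmp" "$dst"
  else
    rm -f "$tmp"
    echo "kms encrypt failed for $src" >&2
    return 1
  fi
}

# Typical call from the cron script (placeholder alias and paths):
#   encrypt_small_file alias/example-key /var/data/report.txt /var/data/report.txt.enc
```

A file that fails the size check would need envelope encryption with a data key instead, which this sketch deliberately does not attempt.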