A large government organization is moving to the cloud and has specific encryption requirements. The first workload to move requires that a customer’s data be immediately destroyed when the customer makes that request.
Management has asked the security team to provide a solution that will securely store the data, allow only authorized applications to perform encryption and decryption and allow for immediate destruction of the data
Which solution will meet these requirements?
A . Use AWS Secrets Manager and an AWS SDK to create a unique secret for the customer-specific data
B . Use AWS Key Management Service (AWS KMS) and the AWS Encryption SDK to
generate and store a data encryption key for each customer.
C . Use AWS Key Management Service (AWS KMS) with service-managed keys to generate and store customer-specific data encryption keys
D . Use AWS Key Management Service (AWS KMS) and create an AWS CloudHSM custom key store Use CloudHSM to generate and store a new CMK for each customer.
Answer: A
Leave a Reply