- You will be using single AWS managed CMK to encrypt and decrypt the data as well as attach key policies for granular control.
- You will be using two separate AWS managed CMK one for S3 and other one for Redshift cluster and attach key policy to the keys for granular level of access control.
- You will be using single Customer managed CMK for encrypt and decrypt the data.
- You will be using AWS managed CMK with multi-factor-authentication enabled.
Correct Answer : C
Detailed Explanation: In this question AWS wants to know your basic understanding between Customer Managed and AWS managed CMK. You must know that
- For different services you have to use different AWS managed CMK. Hence, option 1 is out.
- You cannot have granular level of access control for AWS managed CMK. Hence, option 1 and 2 is out.
- If you want granular level of access to keys than you should use Customer Managed CMK and in this case option 3 is the only one seems to be correct. Because option 4 is also talking about AWS managed CMK.