

Question 12: You have very sensitive and critical data that needs to be used by various applications hosted in different AWS regions. Because the data is sensitive, you want it to be always encrypted, so that only the application can decrypt it. Which of the following is possible under the given requirement?

  1. You copy this data into an S3 bucket and encrypt the entire S3 bucket.
  2. You copy this data to all the regions where the application is hosted and cache the data key as part of the application to encrypt and decrypt the data.
  3. You keep only one copy of the data in one region, and the applications hosted in different regions access this data as well as KMS to decrypt it.
  4. You create a separate bucket in each region, copy the data into each bucket and encrypt the entire bucket in each region. The application caches the plaintext data keys.

Correct Answer : B

Detailed Explanation: This question may not be looking for the ideal solution, but for what is possible with KMS and encrypted data. First, note that you cannot encrypt an entire S3 bucket; only the data in the bucket can be encrypted. So it is easy to discard both options 1 and 4. KMS keys are account and region specific, so they cannot be accessed across regions, which rules out option 3. The only option remaining is the 2nd one, and it is correct as well. You can copy encrypted data across regions and cache the data keys in the application so that they can be used for cryptographic operations such as encryption and decryption.

Read this: There is also an alternative to using KMS as key storage: you can use an S3 bucket for storing your keys.
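The data key caching that option 2 relies on can be sketched as follows; this is an added example, not code from the original page or from AWS. It shows an in-memory cache that unwraps an encrypted data key through KMS once and then reuses the plaintext key until an age or use limit is reached. `FakeKms`, `DataKeyCache` and their parameters are hypothetical names; `FakeKms` is a constructed stand-in that only mimics the response shape of boto3's `generate_data_key` and `decrypt`.

```python
import hashlib
import os
import time


class FakeKms:
    """Constructed in-memory stand-in for a KMS client (assumption, not AWS code).
    Mimics the response shape of boto3's generate_data_key() and decrypt()."""

    def __init__(self):
        self._wrapped = {}      # CiphertextBlob -> plaintext data key
        self.decrypt_calls = 0

    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        plaintext, blob = os.urandom(32), os.urandom(48)
        self._wrapped[blob] = plaintext
        return {"KeyId": KeyId, "Plaintext": plaintext, "CiphertextBlob": blob}

    def decrypt(self, CiphertextBlob):
        self.decrypt_calls += 1
        return {"Plaintext": self._wrapped[CiphertextBlob]}


class DataKeyCache:
    """Keeps plaintext data keys in memory only, bounded by age and use count."""

    def __init__(self, kms, max_age_s=300.0, max_uses=1000, clock=time.monotonic):
        self._kms, self._max_age, self._max_uses = kms, max_age_s, max_uses
        self._clock = clock
        self._entries = {}      # sha256(encrypted key) -> [plaintext, expiry, uses_left]

    def plaintext_key(self, encrypted_key):
        """Return the plaintext key for an encrypted data key stored with the data."""
        cache_id = hashlib.sha256(encrypted_key).digest()
        entry = self._entries.get(cache_id)
        if entry is None or self._clock() >= entry[1] or entry[2] <= 0:
            # Miss, expired or used up: ask KMS to unwrap the key again.
            plaintext = self._kms.decrypt(CiphertextBlob=encrypted_key)["Plaintext"]
            entry = [plaintext, self._clock() + self._max_age, self._max_uses]
            self._entries[cache_id] = entry
        entry[2] -= 1
        return entry[0]

    def purge(self):
        """Drop every cached plaintext key, e.g. on shutdown or key rotation."""
        self._entries.clear()
```

Only the encrypted data key is stored next to the copied ciphertext; the plaintext key stays in process memory and is never written to disk or to the bucket.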