Hard · 1 mark · Multiple Choice
Domain 1.3: Data Security · KMS · Encryption · Security

AWS SAA-C03 · Question 15 · Domain 1.3: Data Security

An application encrypts data before writing it to a database. The company uses AWS KMS. To improve performance and reduce KMS API call costs, the application needs to encrypt data locally using a data key.

Which KMS API call should the application use to obtain the key?

Answer options:

A. Encrypt

B. GenerateDataKey

C. GetParameters

D. Decrypt

How to approach this question

Understand the envelope encryption process in AWS KMS.

Full Answer

B. GenerateDataKey ✓ Correct
In envelope encryption, you use the GenerateDataKey operation. KMS returns a plaintext version of the data key and an encrypted version. You use the plaintext key to encrypt your data locally, then store the encrypted key alongside the encrypted data.

Common mistakes

Choosing Encrypt, which is limited to 4KB of data and requires sending the data over the network to KMS.
