A company wants a scalable key management infrastructure to support developers who need to encrypt application data. What should a solutions architect do to reduce operational burden?
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS Key Management Service (AWS KMS) to protect the encryption keys..
Why this is the answer
AWS Key Management Service (KMS) is the correct choice because it provides a fully managed, scalable service for creating and managing cryptographic keys, reducing operational burden significantly. It integrates seamlessly with other AWS services and offers strong security controls. Multi-factor authentication (MFA) protects access to accounts, not the encryption keys themselves, and doesn't provide a key management infrastructure. AWS Certificate Manager (ACM) is for managing SSL/TLS certificates, not encryption keys for application data. While IAM policies are crucial for controlling access to KMS keys, they are a component of the overall security strategy, not the key management infrastructure itself. KMS is the service that handles the creation, storage, and lifecycle of the keys.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed