An application processes sensitive financial data for multiple customers. Each customer's data must be encrypted separately at rest using a secure, centralized key management solution. The company will use AWS KMS. Which solution meets these requirements with the least operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Create separate AWS KMS keys for each customer's data with granular access control and logging enabled..
Why this is the answer
Creating separate AWS KMS keys for each customer's data with granular access control and logging enabled is the most suitable solution. This approach ensures that each customer's sensitive financial data is encrypted independently, meeting the requirement for separate encryption at rest. AWS KMS provides a secure, centralized key management solution with built-in auditing and access control, minimizing operational overhead compared to managing keys outside of KMS. Storing keys in an S3 bucket is not a secure or centralized key management solution. Deploying a hardware security appliance introduces significant operational overhead and complexity. Using a single AWS KMS key for all data does not meet the requirement for separate encryption for each customer.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed