AWS Certified Developer – Associate (DVA-C02) — Question 106
An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the developer code the application?
Answer options
- A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
- B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
- C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
- D. Upload the data to an S3 bucket using server-side encryption with an AWS KMS key.
Correct answer: C
Explanation
The correct answer is C because the application calls the KMS GenerateDataKey API to obtain a unique data key for each video file, encrypts the file with that key before storage, and stores the encrypted data key alongside the encrypted data. Option A is incorrect because the KMS Encrypt API does not generate an individual data key for each file. Option B lacks the necessary integration with KMS for key management. Option D relies on server-side encryption rather than encrypting within the application, and does not provide unique keys for each video file as required.