AWS Certified Developer – Associate (DVA-C02) — Question 163
When using the AWS Encryption SDK, how does the developer keep track of the data encryption keys used to encrypt data?
Answer options
- A. The developer must manually keep track of the data encryption keys used for each data object.
- B. The SDK encrypts the data encryption key and stores it (encrypted) as part of the returned ciphertext.
- C. The SDK stores the data encryption keys automatically in Amazon S3.
- D. The data encryption key is stored in the Userdata for the EC2 instance.
Correct answer: B
Explanation
The correct answer is B: the AWS Encryption SDK encrypts the data encryption key and stores it, in encrypted form, as part of the ciphertext it returns, so the encrypted key stays with the data it protects. Option A is incorrect because manual tracking of data encryption keys is unnecessary. Option C is wrong because the SDK does not automatically store encryption keys in Amazon S3. Option D is incorrect because storing the data encryption key in EC2 Userdata is not a standard practice for key management.