AWS Certified Developer – Associate (DVA-C02) — Question 236
A developer is writing an application to encrypt files outside of AWS before uploading the files to an Amazon S3 bucket. The encryption must be symmetric and must be performed inside the application.
How can the developer implement the encryption in the application to meet these requirements?
Answer options
- A. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
- B. Create a Hash-Based Message Authentication Code (HMAC) key in AWS Key Management Service (AWS KMS). Use the AWS Encryption SDK to encrypt the files.
- C. Create a data key pair in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.
- D. Create a data key in AWS Key Management Service (AWS KMS). Use the AWS CLI to encrypt the files.
Correct answer: A
Explanation
The correct answer is A: a data key generated in AWS KMS is a symmetric key, and using it with the AWS Encryption SDK performs the file encryption inside the application, which meets both requirements stated in the question. Option B is incorrect because an HMAC key generates and verifies message authentication codes and is not suitable for file encryption. Options C and D are incorrect because using the AWS CLI does not meet the requirement of performing encryption within the application.