AWS Certified Developer – Associate — Question 168
An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file.
How should the Developer code the application?
Answer options
- A. Use the KMS Encrypt API to encrypt the data. Store the encrypted data key and data.
- B. Use a cryptography library to generate an encryption key for the application. Use the encryption key to encrypt the data. Store the encrypted data.
- C. Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.
- D. Upload the data to an S3 bucket using server-side encryption with an AWS KMS key.
Correct answer: C
Explanation
Option C is correct because it outlines the process of using the KMS GenerateDataKey API to create a unique data key for each video file, encrypting the data with that key, and securely storing both the encrypted data key and the data. Options A and D do not provide a unique key for each file, while option B lacks the integration with KMS, which is essential for managing encryption keys securely.