AWS Certified Developer – Associate — Question 53

A Lambda function processes data before sending it to a downstream service. Each piece of data is approximately 1MB in size. After a security audit, the function is now required to encrypt the data before sending it downstream.
Which API call is required to perform the encryption?

Answer options

• A. Pass the data to the KMS ReEncrypt API for encryption.
• B. Use the KMS GenerateDataKey API to get an encryption key.
• C. Use the KMS GenerateDataKeyWithoutPlainText API to get an encryption key.
• D. Pass the data to KMS as part of the Encrypt API for encryption.

Correct answer: B

Explanation

The correct answer is B because the KMS GenerateDataKey API generates a data encryption key that can be used to encrypt the data before sending it downstream. Options A, C, and D do not provide a method to obtain a usable encryption key directly, which is essential for the encryption process.