Amazon Exam SCS-C02 Topic 8 Question 21 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 21
Topic #: 8

A company runs workloads in the us-east-1 Region. The company has never deployed resources to other AWS Regions and does not have any multi-Region resources.

The company needs to replicate its workloads and infrastructure to the us-west-1 Region.

A security engineer must implement a solution that uses AWS Secrets Manager to store secrets in both Regions. The solution must use AWS Key Management Service (AWS KMS) to encrypt the secrets. The solution must minimize latency and must be able to work if only one Region is available.

The security engineer uses Secrets Manager to create the secrets in us-east-1.

What should the security engineer do next to meet the requirements?

Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


Contribute your Thoughts:

Emiko
5 months ago
Haha, I bet the engineers at AWS came up with these options just to confuse us. But I think Option B is the winner - keep it simple, right?
upvoted 0 times
Amira
4 months ago
I agree, Option B seems like the most straightforward solution for replicating the secrets to the us-west-1 Region.
upvoted 0 times
...
Dana
4 months ago
Option B is definitely the way to go. Keeping it simple is always a good idea.
upvoted 0 times
...
...
Timothy
5 months ago
Using a customer managed KMS key gives us more control over the encryption process and ensures consistency between the two Regions.
upvoted 0 times
...
Edelmira
5 months ago
But wouldn't it be better to use an AWS managed KMS key for encryption to simplify the process?
upvoted 0 times
...
Lura
5 months ago
I agree with Timothy. Then they should replicate the secrets to us-west-1 and encrypt them using the same customer managed KMS key.
upvoted 0 times
...
Leota
5 months ago
I agree, Option B looks like the way to go. Reducing latency and maintaining high availability are key, and this option seems to address those requirements well.
upvoted 0 times
Paulene
5 months ago
I agree, Option B is the most efficient solution for replicating secrets to the us-west-1 Region.
upvoted 0 times
...
Barney
5 months ago
Option B is definitely the best choice. It ensures low latency and high availability.
upvoted 0 times
...
...
Timothy
6 months ago
I think the security engineer should encrypt the secrets in us-east-1 using a customer managed KMS key.
upvoted 0 times
...
Fletcher
6 months ago
Option B seems the most straightforward. Replicating the secrets to another Region could be a hassle, and using different KMS keys might complicate things.
upvoted 0 times
Josue
5 months ago
Yeah, it's important to keep things simple when dealing with sensitive information like secrets.
upvoted 0 times
...
Taryn
5 months ago
Agreed, using the same KMS key in both Regions seems like the most straightforward approach.
upvoted 0 times
...
An
5 months ago
I think option B is the best choice. It keeps things simple and minimizes potential issues with replicating secrets.
upvoted 0 times
...
...
