Question 362:
You are developing an application that is using AWS Lambda. A Lambda function is placed in a private subnet which does not have access to internet. This Lambda function will receive bank account information as a JSON object. This JSON is about 7 Kb of size. You need to encrypt this information and then save it to DynamoDB. Which approach could satisfy this requirement?
Answer options:
A.Create a VPC Endpoint in the Lambda VPC for the KMS Service. Generate a new Customer Master Key. Encrypt the JSON data using KMS Envelope Encryption. Upload the encrypted data to DynamoDB.B.Generate a new Customer Master Key. Encrypt the JSON data using KMS Envelope Encryption. Upload the encrypted data to DynamoDB.C.Create a VPC Endpoint in the Lambda VPC for the KMS Service. Generate a new Customer Master Key. Encrypt the JSON data with the encrypt() KMS method using the CMS previously generated. Upload the encrypted data to DynamoDB.D.Generate a new Customer Master Key. Encrypt the JSON data with the encrypt() KMS method using the CMS previously generated. Upload the encrypted data to DynamoDB.