AWS Certified Security Specialty Exam Questions

Amazon

AWS Certified Security Specialty

156 / 310

Question 156:

An application is deployed on EC2 instances inside a private VPC subnet. The application uses KMS CMK to encrypt and decrypt data. Regulatory requirements specify that all data must not traverse over the public internet. Which solution option satisfies these requirements most efficiently?

Answer options:

A.Access KMS via a VPC Interface Endpoint.
B.Access KMS via a VPC Gateway Endpoint.
C.Access KMS via a NAT Gateway.
D.Access KMS via an AWS Direct Connect.
E.Access KMS via a proxy server.

Add to favourites