Question 54:
You are setting up a video streaming service with the main components of the setup being S3, CloudFront, and Transcoder. Your video content will be stored on AWS S3, and it should only be viewed by the subscribers who have paid for the service. Your first job is to upload 10 videos to S3 and ensure that they are secure before you even begin to start thinking of streaming the videos. The 10 videos have just finished uploading to S3, so you now need to secure them with encryption at rest. Which of the following would be the best way to do this? Choose the correct answer from the options below.
Answer options:
A.Use AWS CloudHSM appliance with both physical and logical tamper detection and response mechanisms that trigger zeroization of the appliance. B.Encrypt your data using AES-256. After the object is encrypted, the encryption key you used needs to be stored on AWS CloudFront so that only authenticated users can stream the videos. C.Set an API flag, or check a box in the AWS Management Console, to have data encrypted in Amazon S3. Create IAM Users to access the videos from S3. D.Use a KMS CMK to encrypt the files. Also, use signed URLs in a CloudFront distribution to serve the S3 contents.