Which solutions will meet these requirements?
Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API.
Write the plain text key from the GenerateDataKey API to disk for later use. Use the encrypted key from the GenerateDataKey API to encrypt the file by using the KMS Encrypt API.
Explanations:
This option is correct because it stores the encrypted data key securely for later decryption and uses the plaintext data key to encrypt the file with a symmetric algorithm.
This option is incorrect because storing the plaintext data key on disk is insecure and defeats the purpose of using AWS KMS for secure key management.
This option is incorrect because it incorrectly suggests using the plaintext data key with the KMS Encrypt API, which is unnecessary and would not perform the intended encryption.
This option is incorrect because it suggests storing the plaintext key on disk, which is insecure and violates best practices for handling encryption keys.
If I had to guess, I’d say the answer is:
Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.
I deduce that the answer is:
Write the encrypted key from the GenerateDataKey API to disk for later use. Use the plaintext key from the GenerateDataKey API and a symmetric encryption algorithm to encrypt the file.