How do you implement this in a highly available and cos…

You are designing a personal document-archiving solution for your global enterprise with
thousands of employee. Each employee has potentially gigabytes of data to be backed up in this
archiving solution. The solution will be exposed to the employees as an application, where they
can just drag and drop their files to the archiving system. Employees can retrieve their archives
through a web interface. The corporate network has high bandwidth AWS Direct Connect
connectivity to AWS. You have a regulatory requirement that all data needs to be encrypted
before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

You are designing a personal document-archiving solution for your global enterprise with
thousands of employee. Each employee has potentially gigabytes of data to be backed up in this
archiving solution. The solution will be exposed to the employees as an application, where they
can just drag and drop their files to the archiving system. Employees can retrieve their archives
through a web interface. The corporate network has high bandwidth AWS Direct Connect
connectivity to AWS. You have a regulatory requirement that all data needs to be encrypted
before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

A.
Manage encryption keys on-premises in an encrypted relational database. Set up an on-premises
server with sufficient storage to temporarily store files, and then upload them to Amazon S3,
providing a client-side master key.

B.
Mange encryption keys in a Hardware Security Module (HSM) appliance on-premises serve r with
sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.

C.
Manage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple
Storage Service (S3) with client-side encryption using a KMS customer master key ID, and
configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage
tier.

D.
Manage encryption keys in an AWS CloudHSM appliance. Encrypt files prior to uploading on the
employee desktop, and then upload directly into Amazon Glacier.



Leave a Reply 2

Your email address will not be published. Required fields are marked *