Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 25 Topic 3 Discussion

SCS-C02 Exam Topic 3 Question 25 Discussion:

Question #: 25

Topic #: 3

A company runs a cron job on an Amazon EC2 instance on a predefined schedule. The cron job calls a bash script that encrypts a 2 KB file. A security engineer creates an AWS Key Management Service (AWS KMS) customer managed key with a key policy. The key policy and the EC2 instance role have the necessary configuration for this job.
Which process should the bash script use to encrypt the file?

Use the aws kms encrypt command to encrypt the file by using the existing KMS key.

Use the aws kms create-grant command to generate a grant for the existing KMS key.

Use the aws kms encrypt command to generate a data key. Use the plaintext data key to encrypt the file.

Use the aws kms generate-data-key command to generate a data key. Use the encrypted data key to encrypt the file.

Get Premium SCS-C02 Questions

Actual exam question for Amazon Web Services SCS-C02 exam by Axel7905 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 25 Topic 3 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 25 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 25 Topic 3 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 25 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval