SCS-C03
Data Protection
hard
Question 3 of 36

A company uses S3 Cross-Region Replication for objects encrypted with a multi-Region KMS key and expects replication to avoid any re-encryption because the key ID is the same in both Regions. What actually happens according to AWS documentation?

AReplication fails because multi-Region keys cannot be used with Amazon S3
BAmazon S3 cross-Region replication still decrypts and re-encrypts the data under a KMS key in the destination Region
CThe object is copied in ciphertext form with no KMS operation in the destination Region
DThe object is copied only if both Regions use the global STS endpoint

More Data Protection Questions

36 questions

Full AWS Certified Security - Specialty Practice Test

All topics covered

All AWS Certified Security - Specialty Questions

Browse by topic

Related Questions

A team stores database credentials in AWS Secrets Manager and wants to avoid extra KMS key charges u...

easy

A company wants write-once-read-many protection for objects in Amazon S3 so the objects cannot be de...

easy

A compliance officer needs a retention mode in S3 Object Lock that prevents any user, including the ...

medium

A security architect wants full control over KMS key lifecycle and usage permissions for an encrypti...

medium

A company needs to encrypt data in one AWS Region and decrypt it in another Region without re-encryp...

hard
View all Data Protection questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account