🔥 3-day streak
AWS Certified Solutions Architect - Professional98 / 186
Question 98 of 186
A media company runs a data lake in a dedicated Data account within AWS Organizations. Analytics workloads in separate consumer accounts must read and process objects stored in a central S3 bucket. All objects must be encrypted at rest with a customer-managed key, key usage must be centrally auditable, and the security team requires that key material never be exposed and that individual consumer accounts can be revoked from decryption access without re-encrypting any data. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question