🔥 3-day streak
AWS Certified Security - Specialty94 / 184
Question 94 of 184
A security engineer is designing envelope encryption for a multi-tenant SaaS application. Each tenant's data is encrypted with a shared AWS KMS customer managed key. The engineer wants to ensure that ciphertext encrypted for one tenant cannot be decrypted while claiming a different tenant's identity, without creating a separate KMS key per tenant. Which approach best achieves this cryptographic binding?
Reviewed for accuracy · Report an issueNext question