🔥 3-day streak
AWS Certified Security - Specialty112 / 157
Question 112 of 157
A company stores millions of objects daily in an S3 bucket that is configured for default encryption using SSE-KMS with a customer managed key. The finance team reports a sharp increase in AWS KMS charges, and CloudTrail shows a very high volume of GenerateDataKey and Decrypt API calls against the KMS key. Security must reduce KMS request costs while keeping all objects encrypted with the same customer managed key. What should the team do?
Reviewed for accuracy · Report an issueNext question