As a part of the smart city initiatives, Hyderabad (GHMC), one of the largest cities in southern India is working on capturing massive volumes of video streams 24/7 captured from the large numbers of “Vivotek IB9371 - HT” cameras installed at traffic lights, parking lots, shopping malls, and just about every public venue to help solve traffic problems, help prevent crime, dispatch emergency responders, and much more.
GHMC uses AWS to host their entire infrastructure. The camera's write stream into Kinesis Video Stream securely and eventually consumed by applications for custom video processing, on-demand video playback and also consumed by AWS Rekognition for video analytics.
GHMC is looking at enabling encryption for their streams of data at rest
How can this be enabled? select 2 options.
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.Answer: A, C.
Option A is correct -Server-side encryption is always enabled on Kinesis Video Streams
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-Option B is incorrect -Server-side encryption is always enabled on Kinesis Video Streams
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-Option C is correct -Server-side encryption using AWS Key Management Service (AWS KMS) Customer Master Key (CMK) allows encrypting your data at rest in Amazon Kinesis Video Streams
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-Option D is incorrect - Server-side encryption using AWS Key Management Service (AWS KMS) Customer Master Key (CMK) allows encrypting your data at rest in Amazon Kinesis Video Streams
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-Option E is incorrect - Client -side encryption is not enabled on Kinesis Video Streams
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-Option F is incorrect -Server side encryption addresses encryption of data only at rest
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/how-The correct options are C and D.
Kinesis Video Streams is an AWS service that enables you to stream video from connected devices to AWS for real-time processing, playback, and analysis. Kinesis Video Streams provides server-side encryption to secure data in transit, but it does not enable encryption at rest by default.
Option A is incorrect as server-side encryption is not always enabled on Kinesis Video Streams. It needs to be explicitly enabled by the user.
Option B is incorrect as server-side encryption is not always disabled on Kinesis Video Streams. It needs to be explicitly enabled by the user.
Option C is correct. Server-side encryption using AWS Key Management Service (AWS KMS) Customer Master Key (CMK) allows encrypting your data at rest in Amazon Kinesis Video Streams. The user can use the Kinesis Video Streams API or console to enable encryption using a KMS CMK. When enabled, Kinesis Video Streams encrypts data at rest using the specified KMS CMK.
Option D is also correct. Client-side encryption using AWS Key Management Service (AWS KMS) Client Master Key (CMK) allows encrypting your data at rest in Amazon Kinesis Video Streams. The user can use the Kinesis Video Streams Producer SDK to encrypt data at the device level before it is sent to Kinesis Video Streams. The Producer SDK uses a KMS CMK to encrypt data.
Option E is incorrect as client-side encryption is not always enabled on Kinesis Video Streams by default.
Option F is incorrect as server-side encryption only addresses encryption of data at rest, not in transit. Data in transit is secured using Transport Layer Security (TLS) encryption.
In summary, options C and D are the correct answers. The user can enable encryption for data at rest in Kinesis Video Streams using either server-side encryption with a KMS CMK (option C) or client-side encryption with a KMS CMK (option D).