You have a customer master key (CMK) in AWS KMS, and you need to use the AWS KMS Encrypt CLI command to encrypt plaintext into ciphertext with the CMK.
Which of the following options can you encrypt with the AWS Encrypt CLI command? (Select TWO.)
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C and D.
With the AWS KMS Encrypt CLI command, you can directly encrypt small amounts of arbitrary data that is less than 4k, such as a personal identifier or database password.
Options A and B are incorrect because the files' size would be bigger than 4k, and it is unsuitable to use AWS KMS Encrypt CLI.
For more information on the concepts for KMS, please visit the following URL:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.htmlThe AWS KMS Encrypt CLI command is a command-line tool that can be used to encrypt plaintext data using AWS Key Management Service (KMS). When encrypting data with KMS, you can use a customer master key (CMK) to protect the data.
The options that can be encrypted with the AWS Encrypt CLI command are:
A. Image Objects (1MB): You can encrypt image objects up to 1MB in size using the AWS KMS Encrypt CLI command.
B. Large files (2GB): You can also encrypt large files up to 2GB in size using the AWS KMS Encrypt CLI command.
C. Password: You can encrypt passwords using the AWS KMS Encrypt CLI command. This can be useful for storing passwords securely in a database or other storage location.
D. RSA Keys: You cannot encrypt RSA keys using the AWS KMS Encrypt CLI command. RSA keys are typically used for asymmetric encryption and decryption, and KMS does not support asymmetric encryption.
In summary, you can encrypt image objects up to 1MB, large files up to 2GB, and passwords using the AWS KMS Encrypt CLI command, but you cannot encrypt RSA keys.