A Developer must encrypt a 100-GB object using AWS KMS. What is the BEST approach?
A. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
B. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
C. Make a GenerateDataKeyAPI call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
D. Make a GenerateDataKeyWithoutPlaintextAPI call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data
A. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK)
B. Make an EncryptAPI call to encrypt the plaintext data as ciphertext using a customer master key (CMK) with imported key material
C. Make a GenerateDataKeyAPI call that returns a plaintext key and an encrypted copy of a data key. Use a plaintext key to encrypt the data
D. Make a GenerateDataKeyWithoutPlaintextAPI call that returns an encrypted copy of a data key. Use an encrypted key to encrypt the data