Exam AWS Certified Security - Specialty topic 1 question 477 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 477
Topic #: 1

A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. The company needs to implement a solution that provides end-to-end data protection and the ability to detect unauthorized data changes.

Which solution will meet these requirements?

  • A. Use an AWS Key Management Service (AWS KMS) customer managed key. Encrypt the data at rest.
  • B. Use AWS Private Certificate Authority. Encrypt the data in transit.
  • C. Use the DynamoDB Encryption Client. Use client-side encryption. Sign the table items.
  • D. Use the AWS Encryption SDK. Use client-side encryption. Sign the table items.
Suggested Answer: C

Comments

cloudenthusiast
Highly Voted 2 years, 1 month ago
Selected Answer: C
To meet the requirements of providing end-to-end data protection and detecting unauthorized data changes in a web-based application that captures and stores sensitive data in an Amazon DynamoDB table, the most suitable solution would be option C: Use the DynamoDB Encryption Client, use client-side encryption, and sign the table items. The DynamoDB Encryption Client allows you to encrypt the data at the client-side before it is sent to DynamoDB. This ensures that the data is protected both in transit and at rest. By using client-side encryption, the sensitive data remains encrypted throughout its lifecycle, from the moment it leaves the client application until it is stored in DynamoDB. Additionally, signing the table items provides a mechanism for detecting unauthorized data changes. The signature ensures that the data has not been tampered with during transit or storage. If any unauthorized modifications occur, the signature verification will fail, indicating a potential security breach.
upvoted 7 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
DynamoDB encryption client, and client-side encryption to ensure end-to-end encryption of data, and only allows authorized data changes. C.
upvoted 1 times
[Removed]
1 year, 9 months ago
Selected Answer: C
Dated Question but the answer is C https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/client-server-side.html
upvoted 1 times
[Removed]
1 year, 9 months ago
Also from the link above "If you are encrypting data that you store in DynamoDB, we recommend the AWS Database Encryption SDK for DynamoDB. The AWS Encryption SDK is a client-side encryption library that helps you to encrypt and decrypt generic data. Although it can protect any type of data, it isn't designed to work with structured data, like database records. Unlike the AWS Database Encryption SDK for DynamoDB, the AWS Encryption SDK cannot provide item-level integrity checking and it has no logic to recognize attributes or prevent encryption of primary keys. If you use the AWS Encryption SDK to encrypt any element of your table, remember that it isn't compatible with the AWS Database Encryption SDK for DynamoDB. You cannot encrypt with one library and decrypt with the other."
upvoted 1 times
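The item-level integrity checking that the comments above rely on can be sketched as follows. This is an added example, not code from the page or from AWS: it uses HMAC-SHA256 from the Python standard library as a stand-in for the signing step, does not reproduce the DynamoDB Encryption Client's API or algorithms, and omits encryption. The attribute names, key and items are constructed for illustration.

```python
import hashlib
import hmac
import json

SIG_ATTR = "_sig"  # hypothetical attribute name holding the item signature

def _canonical(item):
    # Deterministic bytes over every attribute name and value except the
    # signature, so the primary key is covered as well.
    body = {k: v for k, v in item.items() if k != SIG_ATTR}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_item(key, item):
    """Return a copy of item carrying a signature over all its attributes."""
    signed = {k: v for k, v in item.items() if k != SIG_ATTR}
    signed[SIG_ATTR] = hmac.new(key, _canonical(signed), hashlib.sha256).hexdigest()
    return signed

def verify_item(key, item):
    """True only if no attribute was added, removed or changed since signing."""
    stored = item.get(SIG_ATTR)
    if not isinstance(stored, str):
        return False  # unsigned items fail closed
    expected = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; the stored value is untrusted input.
    return hmac.compare_digest(stored.encode("utf-8", "replace"), expected.encode())

def failed_items(key, items):
    """Primary keys (attribute "pk") of items that fail verification."""
    return [i.get("pk") for i in items if not verify_item(key, i)]

def demo():
    key = b"constructed-demo-key-not-a-real-secret"
    alice = sign_item(key, {"pk": "user#1", "email": "alice@example.com", "limit": 100})
    bob = sign_item(key, {"pk": "user#2", "email": "bob@example.com", "limit": 5000})
    edited = dict(alice, limit=999999)  # value changed directly in the table
    swapped = dict(bob, pk="user#1")  # bob's signed record copied under alice's key
    dropped = {k: v for k, v in alice.items() if k != "limit"}  # attribute removed
    unsigned = {"pk": "user#3", "email": "eve@example.com"}  # written with no signature
    return failed_items(key, [alice, bob, edited, swapped, dropped, unsigned])

if __name__ == "__main__":
    print(demo())
```

Because the primary key is part of the signed bytes, a validly signed record copied under a different key fails verification just as an edited value does.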