ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 256 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 256
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company has millions of objects in an Amazon S3 bucket. The objects are in the S3 Standard storage class. All the S3 objects are accessed frequently. The number of users and applications that access the objects is increasing rapidly. The objects are encrypted with server-side encryption with AWS KMS keys (SSE-KMS).

A solutions architect reviews the company’s monthly AWS invoice and notices that AWS KMS costs are increasing because of the high number of requests from Amazon S3. The solutions architect needs to optimize costs with minimal changes to the application.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type. Copy the existing objects to the new S3 bucket. Specify SSE-C.
  • B. Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Specify SSE-S3.
  • C. Use AWS CloudHSM to store the encryption keys. Create a new S3 bucket. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Encrypt the objects by using the keys from CloudHSM.
  • D. Use the S3 Intelligent-Tiering storage class for the S3 bucket. Create an S3 Intelligent-Tiering archive configuration to transition objects that are not accessed for 90 days to S3 Glacier Deep Archive.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by shree2023 at June 24, 2023, 7:01 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gd1
Highly Voted 1 year, 5 months ago
Selected Answer: B
This option switches the encryption method from using AWS Key Management Service (AWS KMS) to using server-side encryption with S3 managed keys (SSE-S3). This change can significantly reduce costs because AWS KMS charges per API request, while SSE-S3 does not have additional charges per API request beyond the S3 usage.
upvoted 15 times
...
Oznerol96_
Most Recent 9 months ago
Selected Answer: B
100% B
upvoted 1 times
...
GoKhe
12 months ago
Bucket key would have been an option here but it is not in the answers.
upvoted 4 times
...
career360guru
1 year ago
Selected Answer: B
Option B
upvoted 1 times
...
shizhan
1 year, 3 months ago
B https://aws.amazon.com/about-aws/whats-new/2020/12/amazon-s3-bucket-keys-reduce-the-costs-of-server-side-encryption-with-aws-key-management-service-sse-kms/
upvoted 2 times
...
Just_Ninja
1 year, 4 months ago
Selected Answer: B
B... Because SSE-S3 has no additional costs. SSE-C cost per month 0,00040 USD per GB encrypted Data on Top
upvoted 2 times
...
ggrodskiy
1 year, 4 months ago
Correct B.
upvoted 2 times
...
nicecurls
1 year, 5 months ago
Selected Answer: B
this is B
upvoted 1 times
...
NikkyDicky
1 year, 5 months ago
Selected Answer: B
B for sure
upvoted 1 times
...
SmileyCloud
1 year, 5 months ago
Selected Answer: B
None of this is correct. https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html, but let's go with B.
upvoted 1 times
...
Maria2023
1 year, 5 months ago
Selected Answer: B
I would actually expect an option with a bucket key as a possible answer since that's the purpose of it. From the available choices, I choose B.
upvoted 1 times
...
Alabi
1 year, 5 months ago
Selected Answer: B
By choosing option B, you can switch the encryption type from SSE-KMS to SSE-S3, which eliminates the need for AWS KMS requests, thereby reducing the associated costs. This solution requires minimal changes to the application and avoids additional operational overhead.
upvoted 4 times
...
i_am_robot
1 year, 5 months ago
Selected Answer: B
The goal here is to reduce the cost related to the usage of AWS KMS keys for server-side encryption. Using SSE-S3, which uses Amazon S3 managed keys for server-side encryption, would eliminate the additional cost related to KMS key usage while still maintaining a high level of security. Amazon S3 handles key management, which also reduces operational overhead. S3 Batch Operations can be used to efficiently copy the existing objects to the new bucket.
upvoted 3 times
...
PhuocT
1 year, 5 months ago
B, SSE-S3 does not incur additional costs.
upvoted 2 times
...
shree2023
1 year, 5 months ago
Selected Answer: B
B is the least operational overhead
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel