Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 357 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02

Question #: 357
Topic #: 1

[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer is publishing critical log data to a log group in Amazon CloudWatch Logs. The log group was created 2 months ago. The developer must encrypt the log data by using an AWS Key Management Service (AWS KMS) key so that future data can be encrypted to comply with the company's security policy.

Which solution will meet this requirement with the LEAST effort?

A. Use the AWS Encryption SDK for encryption and decryption of the data before writing to the log group.
B. Use the AWS KMS console to associate the KMS key with the log group.
C. Use the AWS CLI aws logs create-log-group command, and specify the key Amazon Resource Name (ARN).
D. Use the AWS CLI aws logs associate-kms-key command, and specify the key Amazon Resource Name (ARN).

Show Suggested Answer

Suggested Answer: D 🗳️

by KarBiswa at March 23, 2024, 5:06 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

albert_kuo

11 months, 2 weeks ago

Selected Answer: D

aws logs associate-kms-key --log-group-name <LogGroupName> --kms-key-id <KMSKeyARN>

upvoted 2 times

...

cachac

1 year ago

Selected Answer: D

associate-kms-key command. This command specifically associates a KMS key with an existing log group, which is exactly what the developer needs to do.

upvoted 3 times

...

65703c1

1 year, 1 month ago

Selected Answer: D

D is the correct answer.

upvoted 1 times

...

KarBiswa

1 year, 3 months ago

Selected Answer: D

https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html

upvoted 3 times

...