ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Engineer - Associate DEA-C01 All Questions

View all questions & answers for the AWS Certified Data Engineer - Associate DEA-C01 exam
Go to Exam

Exam AWS Certified Data Engineer - Associate DEA-C01 topic 1 question 106 discussion

Exam question from Amazon's AWS Certified Data Engineer - Associate DEA-C01
Question #: 106
Topic #: 1
[All AWS Certified Data Engineer - Associate DEA-C01 Questions]

A company uses a data lake that is based on an Amazon S3 bucket. To comply with regulations, the company must apply two layers of server-side encryption to files that are uploaded to the S3 bucket. The company wants to use an AWS Lambda function to apply the necessary encryption.

Which solution will meet these requirements?

  • A. Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client.
  • B. Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
  • C. Use server-side encryption with customer-provided keys (SSE-C) before files are uploaded.
  • D. Use server-side encryption with AWS KMS keys (SSE-KMS).
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by tgv at June 15, 2024, 11:09 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sdas1
Highly Voted 10 months, 2 weeks ago
Answer is B
upvoted 5 times
...
samadal
Most Recent 8 months, 3 weeks ago
Selected Answer: B
The most crucial objective in the problem is "Two layers of server-side encryption must be applied." A: SSE-KMS is a single-layer server-side encryption that uses AWS KMS keys to encrypt data. The Amazon S3 Encryption Client performs client-side encryption, not server-side encryption. C: SSE-C is server-side encryption that uses customer-provided encryption keys to encrypt data. This does not provide two layers of encryption. D: SSE-KMS is a single-layer server-side encryption. It does not meet the encryption requirement of two layers of encryption. B: DSSE-KMS (dual-layer server-side encryption) uses two layers of encryption to encrypt data using keys managed by AWS KMS. The first layer is used to encrypt the data key, and the second layer is used to encrypt the actual data. This provides the two layers of server-side encryption required to meet compliance requirements.
upvoted 3 times
...
Ja13
10 months, 1 week ago
Selected Answer: B
B. Use dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is specifically designed to apply two layers of encryption to meet regulatory compliance requirements. This ensures that each object stored in Amazon S3 is encrypted twice, providing the additional security layer that the company needs.
upvoted 2 times
...
bakarys
10 months, 1 week ago
Selected Answer: A
The solution that will meet these requirements is Option A: Use both server-side encryption with AWS KMS keys (SSE-KMS) and the Amazon S3 Encryption Client. This approach provides two layers of encryption. The first layer is the server-side encryption with AWS KMS keys (SSE-KMS), which encrypts the data at rest. The second layer is the client-side encryption using the Amazon S3 Encryption Client before the data is uploaded to S3. This way, the data is already encrypted when it arrives at S3 and then it gets encrypted again by S3, thus providing two layers of encryption. The other options are not as suitable: Option B: There’s no such thing as dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). Option C: Server-side encryption with customer-provided keys (SSE-C) only provides one layer of encryption. Option D: Server-side encryption with AWS KMS keys (SSE-KMS) also only provides one layer of encryption
upvoted 1 times
samadal
8 months, 3 weeks ago
1) DSSE-KMS is a real feature. In 2021, AWS announced Dual-Layer Server-Side Encryption (DSSE-KMS) for S3. This feature can be used with S3 Managed Keys (SSE-S3) to provide an additional layer of security for your data. 2) Two-layer encryption generally refers to applying two different encryption mechanisms within the same system or service. Client-side encryption encrypts data before it reaches S3, so S3 itself treats data as already encrypted. Therefore, SSE-KMS does not provide an additional layer of encryption for client-side encrypted data; it simply encrypts already encrypted data once more. This may not provide much of a practical security enhancement. DSSE-KMS, on the other hand, encrypts data twice within S3 using two different keys, effectively providing two layers of encryption. Using client-side encryption together with SSE-KMS can provide an additional layer of security, but is not two-tier server-side encryption in the strict sense.
upvoted 1 times
...
...
sdas1
10 months, 2 weeks ago
Using dual-layer server-side encryption with AWS Key Management Service (AWS KMS) keys (DSSE-KMS) applies two layers of encryption to objects when they are uploaded to Amazon S3. DSSE-KMS helps you more easily fulfill compliance standards that require you to apply multilayer encryption to your data and have full control of your encryption keys.
upvoted 1 times
...
HunkyBunky
10 months, 2 weeks ago
Selected Answer: B
I guess that right answer is - B https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingDSSEncryption.html
upvoted 2 times
...
sdas1
10 months, 2 weeks ago
Answer is D
upvoted 1 times
...
tgv
10 months, 4 weeks ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-dsse-encryption.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago