ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 916 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 916
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is designing an application on AWS that processes sensitive data. The application stores and processes financial data for multiple customers.

To meet compliance requirements, the data for each customer must be encrypted separately at rest by using a secure, centralized key management solution. The company wants to use AWS Key Management Service (AWS KMS) to implement encryption.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Generate a unique encryption key for each customer. Store the keys in an Amazon S3 bucket. Enable server-side encryption.
  • B. Deploy a hardware security appliance in the AWS environment that securely stores customer-provided encryption keys. Integrate the security appliance with AWS KMS to encrypt the sensitive data in the application.
  • C. Create a single AWS KMS key to encrypt all sensitive data across the application.
  • D. Create separate AWS KMS keys for each customer's data that have granular access control and logging enabled.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by officedepotadmin at Aug. 7, 2024, 2:22 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
officedepotadmin
Highly Voted 10 months, 4 weeks ago
Selected Answer: D
While enabling server-side encryption in S3 can manage encryption, it does not offer the same level of control and auditing as AWS KMS. Managing individual keys manually in S3 would also increase operational overhead.
upvoted 7 times
...
Jeyaluxshan
Most Recent 9 months, 4 weeks ago
D is with less management overhead
upvoted 2 times
...
dhewa
10 months, 2 weeks ago
Selected Answer: D
D is more secure
upvoted 2 times
...
[Removed]
10 months, 2 weeks ago
Selected Answer: D
D sounds right
upvoted 2 times
...
progounick
10 months, 2 weeks ago
Selected Answer: D
it is obvious that D is correct
upvoted 1 times
...
muhammadahmer36
10 months, 3 weeks ago
Selected Answer: D
hile enabling server-side encryption in S3 can manage encryption, it does not offer the same level of control and auditing as AWS KMS. Managing individual keys manually in S3 would also increase operational overhead.
upvoted 2 times
...
nebajp
10 months, 3 weeks ago
Selected Answer: D
D is the correct Answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel