Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 52 discussion

A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.
What should a solutions architect use to accomplish this?

  • A. Server-Side Encryption with keys stored in an S3 bucket
  • B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
  • C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
  • D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
Suggested Answer: D

Comments

ritzxell
Highly Voted 3 years, 7 months ago
Answer is D
Explanation:
SSE-S3: AWS manages both data key and master key
SSE-KMS: AWS manages data key and you manage master key
SSE-C: You manage both data key and master key
upvoted 99 times
mnsait
3 years, 6 months ago
Nicely put. Agree, answer is D.
upvoted 6 times
...
...
frizzo
Highly Voted 3 years, 8 months ago
D is correct. C & D are the same with the exception of D allowing for role separation and controlling access to the keys.
upvoted 38 times
aguy9
3 years, 7 months ago
Yep D is correct
upvoted 5 times
...
...
LEEOscar
Most Recent 1 year, 1 month ago
need KMS so D
upvoted 1 times
...
48cd959
1 year, 2 months ago
Selected Answer: D
Ans -D With AWS managed KMS, you can manage the access of keys.
upvoted 1 times
...
leeyoung
2 years, 6 months ago
Selected Answer: D
Answer is D
upvoted 1 times
...
_charissi
2 years, 7 months ago
Selected Answer: D
You gotta need KMS for controlling access
upvoted 1 times
...
Vibes
3 years, 6 months ago
D. AT rest in S3 ----> KMS
upvoted 2 times
...
app9273
3 years, 6 months ago
Answer is D, because if you want to control access to the keys, then you must use the SSE-KMS IAM authorisation feature. This feature is not available in S3.
upvoted 5 times
...
karthisena
3 years, 6 months ago
Explanation: SSE-KMS requires that AWS manage the data key but you manage the customer master key (CMK) in AWS KMS. You can choose a customer managed CMK or the AWS managed CMK for Amazon S3 in your account. Customer managed CMKs are CMKs in your AWS account that you create, own, and manage. You have full control over these CMKs, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the CMK, and scheduling the CMKs for deletion. For this scenario, the solutions architect should use SSE-KMS with a customer managed CMK. That way KMS will manage the data key but the company can configure key policies defining who can access the keys. CORRECT: "Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)" is the correct answer.
upvoted 2 times
...
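The setup described in the comment above, written out as a CloudFormation template. This is an added example, not part of any commenter's post: the resource names and the two role names are hypothetical, and both roles are assumed to exist already in the account.

```yaml
# Added example: SSE-KMS with a customer managed key. KMS rotates the key
# material; the key policy decides who may administer the key and who may use it.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  KeyAdminRoleName:          # hypothetical role that administers the key
    Type: String
    Default: ImageKeyAdmin
  AppRoleName:               # hypothetical role the upload service runs as
    Type: String
    Default: ImageUploadApp
Resources:
  ImageKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Customer managed key for user-uploaded images
      EnableKeyRotation: true          # automatic rotation, no manual key handling
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: AccountRootAccess     # lets IAM policies in this account delegate access
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
          - Sid: KeyAdministration     # manage the key, no encrypt/decrypt rights
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:role/${KeyAdminRoleName}"
            Action: ["kms:Describe*", "kms:Enable*", "kms:Disable*", "kms:Put*",
                     "kms:Update*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]
            Resource: "*"
          - Sid: KeyUse                # what S3 calls on behalf of the uploader/reader
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:role/${AppRoleName}"
            Action: ["kms:GenerateDataKey", "kms:Decrypt", "kms:DescribeKey"]
            Resource: "*"
  ImageBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms                  # SSE-KMS instead of SSE-S3 (AES256)
              KMSMasterKeyID: !GetAtt ImageKey.Arn
            BucketKeyEnabled: true                   # fewer KMS requests per object
```

A principal with S3 read permission on the bucket but no `kms:Decrypt` on this key cannot read the objects, which is the access control that SSE-S3 does not offer.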
karthisena
3 years, 6 months ago
There are 4 methods of encrypting objects in S3:
  • SSE-S3: encrypts S3 objects using keys handled & managed by AWS
  • SSE-KMS: leverage AWS Key Management Service to manage encryption keys
  • SSE-C: when you want to manage your own encryption keys
  • Client Side Encryption
upvoted 4 times
...
woke
3 years, 6 months ago
D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
upvoted 2 times
...
KK_uniq
3 years, 6 months ago
D is correct
upvoted 3 times
...
syu31svc
3 years, 6 months ago
D is correct as Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) helps define encryption using customer managed keys. Customer-managed keys are controlled by a user who can decide when to rotate, revoke, or delete them. Moreover, accessing and using the keys can be restricted; each key is wrapped with a policy that defines which users can execute an operation on it.
upvoted 2 times
...
mryala
3 years, 6 months ago
it's D
upvoted 1 times
...
Yogi
3 years, 6 months ago
Ans = D SSE-KMS
upvoted 1 times
...
Ankitrathi85
3 years, 6 months ago
D right
upvoted 1 times
...
arunchu
3 years, 6 months ago
D is good
upvoted 2 times
...