Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam

Exam AWS Certified Developer Associate topic 1 question 136 discussion

Exam question from Amazon's AWS Certified Developer Associate

Question #: 136
Topic #: 1

[All AWS Certified Developer Associate Questions]

An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A requirement for the application is that all messages must be encrypted at rest.
Developers are instructed to use methods that allow for centralized key management and minimize possible support requirements whenever possible.
Which of the following solutions supports these requirements?

A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue.
B. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client.
C. Create an SQS queue, and encrypt the queue by using server-side encryption with AWS KMS.
D. Create an SQS queue, and encrypt the queue by using client-side encryption.

Show Suggested Answer

Suggested Answer: C 🗳️

by JaneJ at Oct. 5, 2020, 7:59 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

jk0

Highly Voted 3 years, 8 months ago

C - SSE encrypts messages as soon as Amazon SQS receives them. The messages are stored in encrypted form and Amazon SQS decrypts messages only when they are sent to an authorized consumer. https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

upvoted 17 times

...

snssqs

Highly Voted 3 years, 7 months ago

"Sewer" side encryption lol

upvoted 10 times

...

SD_CS

Most Recent 1 year, 3 months ago

Selected Answer: C

Has to be C https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

upvoted 1 times

...

RachitNandi1997

1 year, 8 months ago

Selected Answer: B

B is the correct answer

upvoted 1 times

...

rcaliandro

1 year, 11 months ago

Selected Answer: C

"centralized key management" so KMS in order to encrypt server-side and manage the keys. The right answer is the C

upvoted 1 times

...

MrTee

2 years, 1 month ago

Selected Answer: C

SSE-KMS provides central key management, and the encryption keys can be rotated and managed through AWS KMS. By using SSE-KMS, developers can encrypt all messages in the SQS queue at rest.

upvoted 1 times

...

pancman

2 years, 3 months ago

Selected Answer: C

Answer is C

upvoted 1 times

...

sichilam

2 years, 4 months ago

C it is

upvoted 1 times

...

ayoubmk

2 years, 4 months ago

Selected Answer: C

We want AWS to manage Key for us ==> A is false SQS Extended Client enables you to manage Amazon SQS message payloads with Amazon S3 and haven't any relation with encryption ==> B is false We need a server side encryption ==> D is false we are left with the answer C :D

upvoted 4 times

tony554556

2 years, 3 months ago

great, thanks

upvoted 1 times

...

AulaitQM

2 years, 8 months ago

Selected Answer: C

I vote for C

upvoted 1 times

...

Franklin_Richards

2 years, 9 months ago

Always use the Sewer C

upvoted 2 times

...

JP_PA

3 years, 3 months ago

Selected Answer: C

ANS: C

upvoted 1 times

...

hemlatab

3 years, 4 months ago

Selected Answer: C

C is the answer.

upvoted 2 times

...

mnizamu

3 years, 4 months ago

C - Server-side encryption (SSE) lets you transmit sensitive data in encrypted queues. SSE protects the contents of messages in queues using SQS-owned encryption keys (SSE-SQS) or keys managed in the AWS Key Management Service (SSE-KMS). https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

upvoted 1 times

...