ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 50 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 50
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A pharmaceutical company has digitized versions of historical prescriptions stored on premises. The company would like to move these prescriptions to AWS and perform analytics on the data in them. Any operation with this data requires that the data be encrypted in transit and at rest.
Which application flow would meet the data protection requirements on AWS?

  • A. Digitized files -> Amazon Kinesis Data Analytics
  • B. Digitized files -> Amazon Kinesis Data Firehose -> Amazon S3 -> Amazon Athena
  • C. Digitized files -> Amazon Kinesis Data Streams -> Kinesis Client Library consumer -> Amazon S3 -> Athena
  • D. Digitized files -> Amazon Kinesis Data Firehose -> Amazon Elasticsearch
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by BillyC at Aug. 25, 2019, 5:48 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
INASR
Highly Voted 3 years, 8 months ago
C is the correct answer . Kinesis data steams have SSE using AWS-KMS by default where producers or consumers do not have to do anything to encrypt or decrypt.
upvoted 21 times
andwill1001
2 years, 12 months ago
The answer is B. Not C. There's no reason to use STREAMS for what you are accomplishing here. This isn't real time logging data or something of the sort. You're using a large chunk of data that already exists. This is literally what Firehose is for.
upvoted 8 times
andwill1001
2 years, 12 months ago
The ultimate fact is that both could probably be used -- so you use the one that makes the most sense for what it's actually used for.
upvoted 1 times
...
andwill1001
2 years, 12 months ago
Also you need kinesis producer added to the stack in order for it work with library.
upvoted 3 times
...
...
Kdosec
3 years, 7 months ago
Agree with C, the question is mentioned about real-time analysic with this point "The company would like to move these prescriptions to AWS and perform analytics on the data in them". So, answer is Kinesis Data Streams. https://docs.aws.amazon.com/streams/latest/dev/introduction.html
upvoted 2 times
uninit
3 years, 5 months ago
It doesn't mention real-time analytics. How can data about historical prescriptions be real-time?
upvoted 16 times
...
...
...
ugreenhost
Highly Voted 3 years, 8 months ago
option A seems feasible (Amazon Kinesis Data Analytics is the easiest way to analyze streaming data, gain actionable insights, and respond to your business and customer needs in real time. Amazon Kinesis Data Analytics reduces the complexity of building, managing, and integrating streaming applications with other AWS services. SQL users can easily query streaming data or build entire streaming applications using templates and an interactive SQL editor.)
upvoted 15 times
ArizonaClassics
3 years, 8 months ago
you are right! Question is not asking for any query options or tools
upvoted 3 times
...
vnsuk
3 years, 7 months ago
which part of the A will do the encryption in transit and at rest
upvoted 1 times
Gustava6272
3 years, 7 months ago
Kinesis Data Analytics does has inbuild Data at rest and transit for both SQL and Apache Fling Ref:https://docs.aws.amazon.com/kinesisanalytics/latest/java/data-protection.html . But the flow is wrong . This services uses source that is Firehouse or Stream. So A is wrong.
upvoted 3 times
...
...
sapien45
2 years, 11 months ago
Good thiniking ,,,but ,,,,mazon Kinesis Data Analytics supports the following streaming sources for your application: A Kinesis data stream A Kinesis Data Firehose delivery stream https://docs.aws.amazon.com/kinesisanalytics/latest/dev/how-it-works-input.html A is out
upvoted 2 times
...
virtual
1 year, 4 months ago
Yes, seems to be good: "...The company would like to move these prescriptions to AWS and perform analytics on the data...". So good answer is A.
upvoted 1 times
...
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
Kinesis Data Analytics (which is basically SQL queries for real time analytics) requires a producer (digitzed files does not sound like a producer), which might be Kinesis Data Stream to ingest data into it. I would go with B. Straightforward solution.
upvoted 1 times
...
ITGURU51
2 years ago
Amazon Kinesis Data Firehose is a fully managed service for delivering real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by supported third-party service providers². It is an extract, transform, and load (ETL) service that reliably captures, transforms, and delivers streaming data to data lakes, data stores, and analytics services. B
upvoted 1 times
...
matrpro
2 years, 1 month ago
Selected Answer: B
B is correct. Firehouse uses HTTPS so it is protected/encrypted in transit and with S3 it is protected at rest. Athena is used for analytics. I was thinking about the D but ES is more for indexing content than to analitycs.
upvoted 2 times
...
gagol14
2 years, 1 month ago
I would say that option B is the most straightforward application flow that would meet the data protection requirements on AWS. Option B uses Amazon Kinesis Data Firehose, which automatically encrypts data at rest using AWS Key Management Service (AWS KMS) and encrypts data in transit using SSL/TLS. It also uses Amazon S3 and Amazon Athena, which both support encryption at rest and in transit by default . Option A is not a valid application flow because Amazon Kinesis Data Analytics does not accept digitized files as input, but rather a streaming source such as Amazon Kinesis Data Streams or Amazon Kinesis Data Firehose. Option C is possible but requires more configuration and code to enable encryption on Amazon Kinesis Data Streams and to use a Kinesis Client Library consumer to write data to Amazon S3. Option D is also possible but requires more configuration to enable encryption on Amazon Kinesis Data Firehose and Amazon Elasticsearch Service.
upvoted 3 times
...
sandeep4537
2 years, 3 months ago
Company like to move -> S3 ( Encryption in Transit and rest ) Analysis : Amazon Athena Digitized files -> Amazon Kinesis Data Firehose -> Amazon S3 -> Amazon Athena
upvoted 2 times
...
marvz
2 years, 4 months ago
According to ChatGPT: B. Digitized files -> Amazon Kinesis Data Firehose -> Amazon S3 -> Amazon Athena This application flow meets the data protection requirements as the data would be encrypted in transit by Kinesis Data Firehose and encrypted at rest in Amazon S3. Additionally, Amazon Athena can perform analytics on the encrypted data stored in Amazon S3.
upvoted 5 times
...
boooliyooo
2 years, 6 months ago
Selected Answer: B
Migrate these prescriptions - must have storage. Option A & D out Client library needs producer to aggregate - C is out leaves B
upvoted 6 times
...
skillz2investor
2 years, 6 months ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
DWsk
2 years, 7 months ago
Selected Answer: B
The question specifies that its historical data. You can eliminate C because you don't need a stream for data this isn't being created in real time.
upvoted 2 times
...
AdamWest
2 years, 7 months ago
Selected Answer: C
C - Kinesis Data Streams encrypts your data using an AWS Key Management Service (AWS KMS) key before storing the data at rest. When your Kinesis Data Firehose delivery stream reads the data from your data stream, Kinesis Data Streams first decrypts the data and then sends it to Kinesis Data Firehose
upvoted 2 times
...
arae
2 years, 7 months ago
Answer is A, read the question properly.
upvoted 1 times
...
CDV_fr
2 years, 8 months ago
The question must be wrong... You could definitely use ElasticSearch or Athena, or probably Firehose Analytics too (according to another answer). They all have encryption in transit and at rest. But ElasticSearch and Athena are really not for the same thing ! I voted B, because most of the time its S3 + Athena in this exam (mostly for CloudTrail logs, but whatever)
upvoted 4 times
...
vbal
2 years, 9 months ago
B - https://docs.aws.amazon.com/firehose/latest/dev/encryption.html
upvoted 3 times
...
dcasabona
2 years, 10 months ago
Selected Answer: B
I would go for b.
upvoted 3 times
...
ryuhei
2 years, 11 months ago
Selected Answer: C
The answer is C. Encryption is possible using Kinesis Data Streams. It cannot be encrypted with KinesisDataFirehose.
upvoted 1 times
hubekpeter
2 years, 6 months ago
It's a pipeline, on one side there's SSL/TLS encryption by default and you can use various targets. S3 can be one of them where you can use CMK, whatever so you'll meet the encryption at rest requiremet.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel