ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 402 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 402
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and is the MOST operationally efficient?

  • A. Server-side encryption with customer-provided keys (SSE-C)
  • B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
  • C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
  • D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automatic rotation
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by dmscountera at March 11, 2021, 7:10 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Atanu_M
Highly Voted 3 years, 7 months ago
Ans. D - https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
upvoted 32 times
CloudMania
3 years, 6 months ago
From the link, "when you enable automatic key rotation for a customer managed CMK, AWS KMS generates new cryptographic material for the CMK every year."
upvoted 11 times
...
...
syu31svc
Highly Voted 3 years, 7 months ago
"operationally efficient" D fits the bill here
upvoted 7 times
...
BECAUSE
Most Recent 1 year, 11 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
queen101
2 years, 9 months ago
DDDDDDDDDDDDDDDDDDDDDDDD
upvoted 1 times
...
marklovesaws143
2 years, 9 months ago
Selected Answer: D
DDDDDDDDDDDDDDDDD
upvoted 1 times
...
slcheng
2 years, 10 months ago
Selected Answer: D
D is best as AWS best practice. Allow AWS manage and auto rotation the key.
upvoted 1 times
...
Ashu_0007
2 years, 11 months ago
Selected Answer: D
I think 1 year is the key point here as for CMK auto rotation, it happens after 1 year
upvoted 3 times
...
MalaMen
3 years ago
Selected Answer: D
Its answer D. auditing of encription key and key rotation both are only possible in AWS-KW
upvoted 3 times
...
Roro_Brother
3 years, 1 month ago
Selected Answer: D
Because D
upvoted 1 times
...
shirokame
3 years, 2 months ago
Still cannot understand why you guy choose KMS over SSE S3
upvoted 3 times
Venki_dev
3 years, 1 month ago
keys to be rotated every year.
upvoted 1 times
...
user0001
3 years, 1 month ago
because of the rotation
upvoted 2 times
...
...
jaijp
3 years, 3 months ago
Selected Answer: D
refer ->Can I rotate my keys? Ans:D https://aws.amazon.com/kms/faqs/#:~:text=You%20can%20choose%20to%20have%20AWS%20KMS%20automatically%20rotate%20KMS,KMS%20custom%20key%20store%20feature.
upvoted 2 times
...
IrfanHossain
3 years, 3 months ago
D is perfect, Automatic
upvoted 1 times
...
Parth9
3 years, 3 months ago
Selected Answer: D
D is Answer
upvoted 1 times
...
Parth9
3 years, 3 months ago
Answer is D
upvoted 1 times
...
PrinceMughal
3 years, 3 months ago
D D D D D
upvoted 1 times
...
joe2211
3 years, 4 months ago
Selected Answer: D
vote D
upvoted 1 times
...
aravinds4
3 years, 5 months ago
Selected Answer: B
server-side encryption with Amazon S3-managed encryption keys (SSE-S3) rotates the key automatically, and there is no requirement for using customer key, so B is an appropriate option https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
upvoted 2 times
Hasi1989
3 years, 5 months ago
Since the question mentioned "Each Year" ideal answer is D When you enable automatic key rotation for a customer managed key, AWS KMS generates new cryptographic material for the KMS key every year. AWS KMS also saves the KMS key's older cryptographic material in perpetuity so it can be used to decrypt data that the KMS key encrypted. https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
upvoted 2 times
...
Zoroter
3 years ago
"Auditing of encryption key use is required."
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago