Exam AWS Certified Security - Specialty topic 1 question 304 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 304
Topic #: 1

A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. A security audit reveals that the application does not provide end-to-end data protection or the ability to detect unauthorized data changes. The software engineering team needs to make changes that will address the audit findings.
Which set of steps should the software engineering team take?

  • A. Use an AWS Key Management Service (AWS KMS) CMK. Encrypt the data at rest.
  • B. Use AWS Certificate Manager (ACM) Private Certificate Authority. Encrypt the data in transit.
  • C. Use a DynamoDB encryption client. Use client-side encryption and sign the table items.
  • D. Use the AWS Encryption SDK. Use client-side encryption and sign the table items.
Suggested Answer: C

Comments

sam_live
Highly Voted 3 years, 5 months ago
Answer C. https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/what-is-ddb-encrypt.html
upvoted 6 times
nico73
2 years ago
According to this link, the answer should be D: "Our client-side encryption library was renamed to the AWS Database Encryption SDK."
upvoted 1 times
captainpike
1 year, 11 months ago
No. AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html) and AWS Database Encryption SDK (former DynamoDB encryption client) are 2 different things. So the link enforces the use of AWS Database Encryption SDK that is formerly known as DynamoDB encryption client. Likely this question was not updated.
upvoted 1 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
DynamoDB encryption client, and client-side encryption to ensure end-to-end encryption to data, and only allows authorized data changes. C.
upvoted 1 times
epomatti
1 year, 8 months ago
Selected Answer: C
Answer: C. Keep in mind that "DynamoDB encryption client" has been renamed to AWS Database Encryption SDK (which is NOT the same as AWS Encryption SDK).
upvoted 1 times
Toptip
2 years, 1 month ago
Selected Answer: C
C = "DynamoDB encryption client"
upvoted 1 times
Jimmy123
2 years, 5 months ago
Selected Answer: D
Option D, using the AWS Encryption SDK for client-side encryption and signing of the DynamoDB table items, is the correct option that addresses the audit findings for end-to-end data protection and the ability to detect unauthorized data changes.
upvoted 2 times
sapien45
2 years, 10 months ago
Selected Answer: C
The DynamoDB Encryption Client supports client-side encryption, where you encrypt your table data before you send it to DynamoDB. However, DynamoDB provides a server-side encryption at rest feature that transparently encrypts your table when it is persisted to disk and decrypts it when you access the table.
upvoted 3 times
sapien45
2 years, 10 months ago
Selected Answer: C
https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/client-server-side.html
upvoted 1 times
dcasabona
2 years, 11 months ago
Selected Answer: C
I go for option C.
upvoted 1 times
teo2157
3 years, 2 months ago
I'll go for A, as the DynamoDB Encryption Client is designed to be implemented in new, unpopulated databases and this is an existing database. https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/what-is-ddb-encrypt.html
upvoted 1 times
dcasabona
2 years, 11 months ago
The question says "end to end encryption", and option A says "encrypt the data at rest". So, it is NOT an option.
upvoted 1 times
fortune
3 years, 5 months ago
DynamoDB protects user data stored at rest and also data in transit between on-premises clients and DynamoDB, and between DynamoDB and other AWS resources within the same AWS Region. C is the right answer.
upvoted 1 times
remyy
3 years, 6 months ago
The answer is C
upvoted 2 times
argol
3 years, 6 months ago
The DynamoDB Encryption Client supports client-side encryption, where you encrypt your table data before you send it to DynamoDB. However, DynamoDB provides a server-side encryption at rest feature that transparently encrypts your table when it is persisted to disk and decrypts it when you access the table. C is the answer.
upvoted 2 times
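
An added example, not part of the original thread and not code from any AWS library: a standard-library Python model of the "sign the table items" half of option C, showing how a key held only by the client lets the application detect unauthorized changes to a stored item. The HMAC scheme, the `SIGN`/`SKIP` actions, the `_sig` attribute and the sample item are assumptions made for illustration; the encryption half is left out.

```python
import hashlib
import hmac
import json

SIGN, SKIP = "SIGN", "SKIP"   # hypothetical per-attribute actions for this model
SIG_ATTR = "_sig"             # hypothetical attribute that stores the signature


def _mac(key: bytes, table: str, item: dict, actions: dict) -> bytes:
    # Unlisted attributes default to SIGN, so an injected attribute breaks the signature.
    signed = {k: v for k, v in item.items()
              if k != SIG_ATTR and actions.get(k, SIGN) == SIGN}
    # Bind the table name so a valid item cannot be replayed into another table.
    blob = json.dumps({"table": table, "attrs": signed},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest().encode()


def sign_item(key, table, item, actions):
    """Return a copy of item carrying a signature computed on the client."""
    signed = dict(item)
    signed[SIG_ATTR] = _mac(key, table, item, actions).decode()
    return signed


def verify_item(key, table, item, actions):
    """True only if every signed attribute is exactly as the client wrote it."""
    sig = item.get(SIG_ATTR)
    if not isinstance(sig, str):
        return False
    return hmac.compare_digest(sig.encode(), _mac(key, table, item, actions))


def demo():
    key = b"constructed-demo-key-not-for-use"   # constructed; the server never sees it
    actions = {"last_seen": SKIP}                # unsigned, so changes to it go unnoticed
    stored = sign_item(key, "Patients", {"id": "p-100", "ssn": "000-00-0000",
                                         "last_seen": "2024-01-01"}, actions)
    without_ssn = {k: v for k, v in stored.items() if k != "ssn"}
    return {
        "untouched": verify_item(key, "Patients", stored, actions),
        "value_changed": verify_item(key, "Patients", {**stored, "ssn": "111-11-1111"}, actions),
        "attr_added": verify_item(key, "Patients", {**stored, "role": "admin"}, actions),
        "attr_removed": verify_item(key, "Patients", without_ssn, actions),
        "moved_table": verify_item(key, "Archive", stored, actions),
        "skipped_changed": verify_item(key, "Patients", {**stored, "last_seen": "2030-01-01"}, actions),
    }


if __name__ == "__main__":
    print(demo())
```

Server-side encryption at rest (option A) cannot provide this check, because anyone with write access to the table can still alter an item without a client-held key being involved.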