ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Machine Learning - Specialty All Questions

View all questions & answers for the AWS Certified Machine Learning - Specialty exam
Go to Exam

Exam AWS Certified Machine Learning - Specialty topic 1 question 143 discussion

Exam question from Amazon's AWS Certified Machine Learning - Specialty
Question #: 143
Topic #: 1
[All AWS Certified Machine Learning - Specialty Questions]

A company will use Amazon SageMaker to train and host a machine learning (ML) model for a marketing campaign. The majority of data is sensitive customer data. The data must be encrypted at rest. The company wants AWS to maintain the root of trust for the master keys and wants encryption key usage to be logged.
Which implementation will meet these requirements?

  • A. Use encryption keys that are stored in AWS Cloud HSM to encrypt the ML data volumes, and to encrypt the model artifacts and data in Amazon S3.
  • B. Use SageMaker built-in transient keys to encrypt the ML data volumes. Enable default encryption for new Amazon Elastic Block Store (Amazon EBS) volumes.
  • C. Use customer managed keys in AWS Key Management Service (AWS KMS) to encrypt the ML data volumes, and to encrypt the model artifacts and data in Amazon S3.
  • D. Use AWS Security Token Service (AWS STS) to create temporary tokens to encrypt the ML storage volumes, and to encrypt the model artifacts and data in Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by exam_prep at May 28, 2022, 1:52 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
exam_prep
Highly Voted 2 years, 5 months ago
C is correct answer. Straight forward to use KMS.
upvoted 8 times
...
rav009
Most Recent 10 months ago
Selected Answer: C
"The company wants AWS to maintain the root of trust for the master keys" The reason A is wrong. So C
upvoted 1 times
...
Mickey321
1 year, 2 months ago
Selected Answer: C
option C
upvoted 1 times
...
AjoseO
1 year, 8 months ago
Selected Answer: C
Using customer managed keys in AWS KMS will allow the company to maintain the root of trust for the master keys, and AWS KMS will log key usage. This ensures that the encryption keys used to encrypt the ML data volumes and model artifacts are properly managed and secured. Additionally, using customer managed keys allows the company to have greater control over the encryption process.
upvoted 3 times
mirik
1 year, 3 months ago
"AWS Security Token Service (AWS STS) to create temporary tokens" - AWS STS also using KMS keys.
upvoted 1 times
...
...
Jerry84
1 year, 9 months ago
Selected Answer: C
https://docs.aws.amazon.com/kms/latest/developerguide/security-logging-monitoring.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago