A developer needs to use Amazon DynamoDB to store customer orders. The developer's company requires all customer data to be encrypted at rest with a key that the company generates. What should the developer do to meet these requirements?
A.
Create the DynamoDB table with encryption set to None. Code the application to use the key to decrypt the data when the application reads from the table. Code the application to use the key to encrypt the data when the application writes to the table.
B.
Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS customer managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.
C.
Store the key by using AWS Key Management Service (AWS KMS). Create the DynamoDB table with default encryption. Include the kms:Encrypt parameter with the Amazon Resource Name (ARN) of the AWS KMS key when using the DynamoDB software development kit (SDK).
D.
Store the key by using AWS Key Management Service (AWS KMS). Choose an AWS KMS AWS managed key during creation of the DynamoDB table. Provide the Amazon Resource Name (ARN) of the AWS KMS key.
B) Correct - Since the company requires a key that it generates and manages, the developer must choose a customer managed key.
A) Eliminated: If encryption is set to "None," the data will not be encrypted at rest by DynamoDB.
C) Eliminated - This is incorrect because default encryption uses AWS-managed keys, not customer managed keys. The company requires a key that it generates and manages.
There are two types of keys, Customer managed and AWS managed. In the question it says "encrypted with the key that the company generates", and that will be customer managed key, which the customer/company controls/creates. on the other hand customer has less/no control with aws managed key
Once the key is imported and stored to KMS, during the creation of a DynamoDB table is possible to directly select the KMS key from a drop down list of ARNs
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Vinafec
Highly Voted 2 years, 8 months agosindra
Highly Voted 2 years, 8 months agosumanshu
Most Recent 4 months, 2 weeks agogilleep_17
1 year, 3 months agoAsmaZoheb
1 year, 3 months agoMehant
1 year, 10 months agorcaliandro
1 year, 10 months agoKrt5894
2 years, 2 months agohaazybanj
2 years, 6 months agoPVR
2 years, 7 months agom_t_kd
2 years, 8 months agoLEHUY
2 years, 8 months ago