ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 120 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 120
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database. Compliance regulations mandate that all personally identifiable information (PII) be encrypted at rest.
Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure?

  • A. Deploy AWS Certificate Manager to generate certificates. Use the certificates to encrypt the database volume.
  • B. Deploy AWS CloudHSM, generate encryption keys, and use the keys to encrypt database volumes.
  • C. Configure SSL encryption using AWS Key Management Service (AWS KMS) to encrypt database volumes.
  • D. Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by BoboChow at Sept. 5, 2022, 8:19 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Six_Fingered_Jose
2 years, 7 months ago
Selected Answer: D
answer is D, question is looking for encryption at rest, SSL is encryption in transit
upvoted 3 times
Umapada
2 years, 7 months ago
yes, SSL is for transit.
upvoted 1 times
...
...
ogerber
2 years, 7 months ago
Selected Answer: C
least changed to infrastructure! its C
upvoted 1 times
...
josh_fan
2 years, 8 months ago
Selected Answer: D
Please vote D, as C is for encrypting data in transit. Believe me, I have CISSP certification.
upvoted 1 times
...
Ekie
2 years, 8 months ago
I am going with D. SSL/Cert to encrypt in transit. plus must to make sure that data is encrypted at rest wherever it's resting :) at any point of time. while there might be data processed by EC2 using it's EBS, I will go ahead and encrypted it as well as the final destination which is the RDS
upvoted 1 times
...
qax2022
2 years, 9 months ago
Selected Answer: C
c is easier
upvoted 1 times
Sinaneos
2 years, 8 months ago
SSL is mostly for Encrypting data in transit: https://www.websecurity.digicert.com/security-topics/what-is-ssl-tls-https
upvoted 1 times
...
...
BoboChow
2 years, 9 months ago
I'm coufused by C and D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel