ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 288 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 288
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer is creating a Java application that will store sensitive data in an Amazon DynamoDB table. The data must be encrypted at all times.

How can the developer meet this requirement?

  • A. Enable encryption at rest by using an AWS Key Management Service (AWS KMS) AWS owned key for the DynamoDB table.
  • B. Enable encryption at rest by using an AWS Key Management Service (AWS KMS) customer managed key for the DynamoDB table.
  • C. Implement client-side encryption in the application code by using the DynamoDB Encryption Client.
  • D. Use an HTTPS connection to encrypt data in transit.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by kapil206001 at Nov. 26, 2022, 7 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lrom
Highly Voted 2 years, 6 months ago
Selected Answer: C
With server-side encryption, TLS encrypts your data in transit over an HTTPS connection. Your data is decrypted at the DynamoDB endpoint, and then re-encrypted before being stored in DynamoDB. Client-side encryption provides end-to-end protection for your data from its source through storage in DynamoDB and back to you. https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html
upvoted 5 times
...
rcaliandro
Most Recent 1 year, 11 months ago
Selected Answer: C
So, let's proceede by exclusion. A and B are for sure incorrect because the encryption at rest doesn't meet the requirements. Then, since we have to encrypt the data at each stage, also the HTTPS protocol is not suitable because it encrypt data in transit but when we store on the database, it won't be encoded. For this reason, also D is incorrect. TBH, I didn't know that there is the possibility to use client-side encryption by using the DynamoDB Encryption Client but it is, according to the documentation: https://docs.aws.amazon.com/crypto/latest/userguide/awscryp-service-ddb-client.html So C is for sure correct given that the client-side encryption will provide us encryption everywhere in the cloud
upvoted 3 times
...
Suraj_7
2 years, 1 month ago
Selected Answer: B
optionB is correct
upvoted 1 times
...
fabriciollf
2 years, 6 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
DrCloud
2 years, 6 months ago
Selected Answer: C
Client-side and server-side encryption: "DynamoDB Encryption Client" supports client-side encryption, where you encrypt your table data before you send it to DynamoDB. However, DynamoDB provides a server-side encryption at rest feature that transparently encrypts your table when it is persisted to disk and decrypts it when you access the table. https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/client-server-side.html
upvoted 4 times
...
SoMaL69
2 years, 6 months ago
Selected Answer: C
https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html In addition to encryption at rest, which is a server-side encryption feature, AWS provides the Amazon DynamoDB Encryption Client. This client-side encryption library enables you to protect your table data before submitting it to DynamoDB. With server-side encryption, TLS encrypts your data in transit over an HTTPS connection.
upvoted 3 times
...
michaldavid
2 years, 6 months ago
Selected Answer: B
I'm going for B as the data needs to be encrypted at all times
upvoted 1 times
...
k1kavi1
2 years, 6 months ago
Selected Answer: A
Choosing A
upvoted 1 times
...
kapil206001
2 years, 6 months ago
C DynomoDB encryts at rest by default using AWS owned key. FOr transit , use client side encryption using DynamoDB encryption client
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel