ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Machine Learning - Specialty All Questions

View all questions & answers for the AWS Certified Machine Learning - Specialty exam
Go to Exam

Exam AWS Certified Machine Learning - Specialty topic 1 question 193 discussion

Exam question from Amazon's AWS Certified Machine Learning - Specialty
Question #: 193
Topic #: 1
[All AWS Certified Machine Learning - Specialty Questions]

A company will use Amazon SageMaker to train and host a machine learning model for a marketing campaign. The data must be encrypted at rest. Most of the data is sensitive customer data. The company wants AWS to maintain the root of trust for the encryption keys and wants key usage to be logged.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use AWS Security Token Service (AWS STS) to create temporary tokens to encrypt the storage volumes for all SageMaker instances and to encrypt the model artifacts and data in Amazon S3.
  • B. Use customer managed keys in AWS Key Management Service (AWS KMS) to encrypt the storage volumes for all SageMaker instances and to encrypt the model artifacts and data in Amazon S3.
  • C. Use encryption keys stored in AWS CloudHSM to encrypt the storage volumes for all SageMaker instances and to encrypt the model artifacts and data in Amazon S3.
  • D. Use SageMaker built-in transient keys to encrypt the storage volumes for all SageMaker instances. Enable default encryption ffnew Amazon Elastic Block Store (Amazon EBS) volumes.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by VinceCar at Nov. 27, 2022, 8:49 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
akhjhjk
Highly Voted 1 year, 5 months ago
Selected Answer: B
It seems to be B
upvoted 8 times
...
loict
Most Recent 8 months, 1 week ago
Selected Answer: B
A. NO - you don't want temporary access B. YES - best practice C. NO - CloudHSM is overkill vs. KMS D. NO - transient keys are transient
upvoted 2 times
...
Mickey321
8 months, 3 weeks ago
Selected Answer: B
AWS Key Management Service (AWS KMS) is a service that allows customers to create and manage encryption keys that can be used to encrypt data at rest in AWS services. AWS KMS provides a high level of security and control over the encryption keys, as well as integration with AWS CloudTrail to log key usage. By using customer managed keys in AWS KMS, the company can encrypt the storage volumes for all SageMaker instances, such as notebook instances, training instances, and endpoint instances. This can be done by specifying the KMS key ID when creating or updating the instances. The company can also encrypt the model artifacts and data in Amazon S3 by using the same or different KMS keys. This can be done by enabling server-side encryption with KMS keys when creating or updating the S3 buckets or objects.
upvoted 1 times
...
kaike_reis
9 months ago
Selected Answer: B
Letra B. Normalmente, falou de criptografia na AWS, falou de KMS.
upvoted 1 times
...
mirik
9 months, 4 weeks ago
Selected Answer: A
Why not "A"? I think using AWS STS to create temporary tokens is easier than create custom AWS KMS key.
upvoted 2 times
kaike_reis
9 months ago
STS is for other purpose.
upvoted 1 times
...
...
VinceCar
1 year, 5 months ago
why no B?
upvoted 3 times
dunhill
1 year, 5 months ago
It should be B. This question is the same as Q143.
upvoted 6 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago