ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 368 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 368
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer is creating an Amazon DynamoDB table by using the AWS CLI. The DynamoDB table must use server-side encryption with an AWS owned encryption key.

How should the developer create the DynamoDB table to meet these requirements?

  • A. Create an AWS Key Management Service (AWS KMS) customer managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
  • B. Create an AWS Key Management Service (AWS KMS) AWS managed key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
  • C. Create an AWS owned key. Provide the key’s Amazon Resource Name (ARN) in the KMSMasterKeyId parameter during creation of the DynamoDB table.
  • D. Create the DynamoDB table with the default encryption options.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by KT_Yu at Jan. 20, 2023, 3:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
a15ce96
1 year, 1 month ago
Selected Answer: D
If the question asked for "the access to DynamoDB should be monitored via CloudTrail" or "need a centralized place to store the key", we'd need to go with KMS. Since there are no such details, D option is acceptable.
upvoted 1 times
a15ce96
1 year, 1 month ago
I'm sorry, not ""the access to DynamoDB", but ""the access to key". Meaning we can audit actions made on KMS
upvoted 1 times
...
...
Ankit1010
2 years, 2 months ago
D The correct answer is D. When creating an Amazon DynamoDB table using the AWS CLI, server-side encryption with an AWS owned encryption key is enabled by default. Therefore, the developer does not need to create an AWS KMS key or specify the KMSMasterKeyId parameter. Option A and B are incorrect because they suggest creating customer-managed and AWS-managed KMS keys, which are not needed in this scenario. Option C is also incorrect because AWS owned keys are automatically used for server-side encryption by default.
upvoted 4 times
AgboolaKun
1 year, 10 months ago
Thank you for your thorough explanation. You are actually the only one who correctly explained why D is the correct answer. Creating DynamoDB with CLI gives you access to AWS owned key by default. This is explained in the link here - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.tutorial.html
upvoted 1 times
...
...
Drey
2 years, 2 months ago
Selected Answer: B
It's B.
upvoted 1 times
Drey
2 years, 2 months ago
changed my mind, it's D.
upvoted 1 times
...
...
JulietHsu
2 years, 3 months ago
Selected Answer: D
DynamoDB default encryption
upvoted 4 times
...
KT_Yu
2 years, 3 months ago
Selected Answer: D
Answer should be D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago