Exam AWS Certified Cloud Practitioner topic 1 question 695 discussion

weird question. The company is responsible for configuring the encryption, but aws is responsible for doing the encryption. I dont really know what they want us to answer here

Diría que la B ya que el enunciado quiere decir en mi opinión que quien debe activar la opción

al ser un servicio completamente gestionado es responsabilidad de aws

The Option is B

"For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions." Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

B. The company AWS provides the tools and mechanisms for encryption, and it is the responsibility of the company to enable and configure encryption for their Amazon Aurora database clusters and snapshots. This includes setting up encryption keys, enabling encryption at rest, and ensuring that encryption in transit is properly configured if required.

Answer is A

in this case, the DB is amazon Aurora, so for Amazon Aurora, AWS manages the encryption of the database clusters and database snapshots by default. AWS provides encryption of data at rest and in transit for Amazon Aurora using industry-standard AES-256 encryption

According to the AWS shared responsibility model, the customer is responsible for encrypting data at rest within the database clusters and database snapshots. In the case of Amazon Aurora, AWS provides the customer with the option to encrypt their data at rest using keys they manage themselves through AWS Key Management Service (KMS), or using keys that AWS manages on behalf of the customer. However, regardless of which option is chosen, it is the customer's responsibility to enable encryption for their Aurora database clusters and Aurora database snapshots, and ensure that the encryption keys are properly managed and secured.

According to the AWS shared responsibility model, both AWS and the customer have responsibilities when it comes to encryption of data. In the case of Amazon Aurora, the encryption of database clusters and snapshots is managed by AWS, as this is a built-in feature of the service. However, the customer is responsible for managing the encryption keys used for this encryption. Therefore, the correct answer is A. AWS manages the encryption of the database clusters and database snapshots, while the company is responsible for managing the encryption keys used for this encryption.

In contrast to other RDS engines (like RDS MySQL or RDS Aurora PostgreSQL), Aurora Serverless is encrypted at rest by default. Not sure how this really works with the other items referenced. I hope I don;t get this one but if I do I guess I will have to go with AWS.

According to the AWS shared responsibility model, both AWS and the customer share responsibility for securing data and systems in the cloud.