ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 82 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 82
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function.

How should the developer encrypt this data?

  • A. Enable Amazon EBS volume encryption with an AWS KMS key in the Lambda function configuration so that all storage attached to the Lambda function is encrypted.
  • B. Set up the Lambda function with a role and key policy to access an AWS KMS key. Use the key to generate a data key used to encrypt all data prior to writing to /tmp storage.
  • C. Use OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to encrypt the data prior to writing to /tmp.
  • D. Use an on-premises hardware security module (HSM) to generate keys, where the Lambda function requests a data key from the HSM and uses that to encrypt data on all requests to the function.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by MrTee at April 25, 2023, 4:29 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sumanshu
4 months ago
Selected Answer: B
A) Eliminated - AWS Lambda does not use Amazon EBS volumes for its temporary /tmp storage. C) Eliminated - OpenSSL could theoretically generate a symmetric key, this approach is less secure and more error-prone compared to using AWS KMS D) Eliminated - Using an on-premises HSM adds unnecessary complexity and latency to a serverless application
upvoted 1 times
...
albert_kuo
7 months, 1 week ago
Selected Answer: B
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext", "kms:ReEncrypt*" ], "Resource": "arn:aws:kms:region:account-id:key/key-id" } ] }
upvoted 2 times
...
65703c1
11 months, 1 week ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
SerialiDr
1 year, 3 months ago
Selected Answer: B
AWS Key Management Service (KMS) provides secure management of encryption keys. The Lambda function can use a KMS key to generate data keys for encrypting and decrypting data. The Lambda function would require appropriate permissions to access the KMS key. This approach provides a high level of security, which is essential for a healthcare application.
upvoted 4 times
...
Milan61
1 year, 6 months ago
B is the solution
upvoted 1 times
...
Yuxing_Li
1 year, 8 months ago
Selected Answer: B
Go with B
upvoted 2 times
...
abdelbz16
1 year, 12 months ago
Selected Answer: B
B is the best solution
upvoted 4 times
...
MrTee
2 years ago
Selected Answer: B
is the best solution for encrypting temporary data written to /tmp storage on an AWS Lambda function
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago