ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 284 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 284
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company is building an interactive application for personal finance. The application stores financial data in Amazon S3, and the data must be encrypted. The company does not want to provide its own encryption keys. However, the company wants to maintain an audit trail that shows when an encryption key was used and who used the key.

Which solution will meet these requirements?

  • A. Use client-side encryption with client-provided keys. Upload the encrypted user data to Amazon S3.
  • B. Use server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the user data on Amazon S3.
  • C. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the user data on Amazon S3.
  • D. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS) to encrypt the user data on Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by kondratyevmn at May 11, 2023, 8:13 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nharaz
10 months ago
Selected Answer: D
While SSE-S3 is convenient, it doesn't allow the company to have control over key management or maintain a detailed audit trail for key usage. AWS KMS provides detailed audit logs through AWS CloudTrail, which allows you to monitor and log all API calls related to key usage
upvoted 3 times
...
Learning4life
11 months ago
Answer D: with SSE-KMS, you have more control over your keys than you do with SSE-S3. For example, you can follow the keys in AWS Cloud Trail.
upvoted 1 times
...
kondratyevmn
1 year, 5 months ago
Selected Answer: D
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#auditing_key_use
upvoted 3 times
jipark
1 year, 2 months ago
why not B : SSE-S3 do not provide detailed audit.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago