Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 535 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 535
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is building an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for its workloads. All secrets that are stored in Amazon EKS must be encrypted in the Kubernetes etcd key-value store.

Which solution will meet these requirements?

  • A. Create a new AWS Key Management Service (AWS KMS) key. Use AWS Secrets Manager to manage, rotate, and store all secrets in Amazon EKS.
  • B. Create a new AWS Key Management Service (AWS KMS) key. Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.
  • C. Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver as an add-on.
  • D. Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias. Enable default Amazon Elastic Block Store (Amazon EBS) volume encryption for the account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by AncaZalog at June 7, 2023, 9:14 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Guru4Cloud
Highly Voted 1 year, 3 months ago
Selected Answer: B
B is the correct solution to meet the requirement of encrypting secrets in the etcd store for an Amazon EKS cluster. The key points: Create a new KMS key to use for encryption. Enable EKS secrets encryption using that KMS key on the EKS cluster. This will encrypt secrets in the Kubernetes etcd store. Option A uses Secrets Manager which does not encrypt the etcd store. Option C uses EBS CSI which is unrelated to etcd encryption. Option D enables EBS encryption but does not address etcd encryption.
upvoted 6 times
...
TariqKipkemei
Highly Voted 1 year, 4 months ago
Selected Answer: B
EKS supports using AWS KMS keys to provide envelope encryption of Kubernetes secrets stored in EKS. Envelope encryption adds an addition, customer-managed layer of encryption for application secrets or user data that is stored within a Kubernetes cluster. https://eksctl.io/usage/kms-encryption/
upvoted 5 times
...
manuh
Most Recent 1 year, 4 months ago
Selected Answer: A
Why not a
upvoted 1 times
TariqKipkemei
1 year, 4 months ago
option A does not enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster
upvoted 1 times
...
...
MrAWSAssociate
1 year, 5 months ago
Selected Answer: B
B is the right option. https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
upvoted 4 times
...
alexandercamachop
1 year, 5 months ago
Selected Answer: B
It is B, because we need to encrypt inside of the EKS cluster, not outside. AWS KMS is to encrypt at rest.
upvoted 4 times
...
AncaZalog
1 year, 5 months ago
is B, not D
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel