Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 535 discussion

A company is building an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for its workloads. All secrets that are stored in Amazon EKS must be encrypted in the Kubernetes etcd key-value store.

Which solution will meet these requirements?

  • A. Create a new AWS Key Management Service (AWS KMS) key. Use AWS Secrets Manager to manage, rotate, and store all secrets in Amazon EKS.
  • B. Create a new AWS Key Management Service (AWS KMS) key. Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.
  • C. Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver as an add-on.
  • D. Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias. Enable default Amazon Elastic Block Store (Amazon EBS) volume encryption for the account.
Suggested Answer: B

Comments

Guru4Cloud
Highly Voted 4 months ago
Selected Answer: B
B is the correct solution to meet the requirement of encrypting secrets in the etcd store for an Amazon EKS cluster. The key points:
  • Create a new KMS key to use for encryption.
  • Enable EKS secrets encryption using that KMS key on the EKS cluster. This will encrypt secrets in the Kubernetes etcd store.
  • Option A uses Secrets Manager which does not encrypt the etcd store.
  • Option C uses EBS CSI which is unrelated to etcd encryption.
  • Option D enables EBS encryption but does not address etcd encryption.
upvoted 7 times
...
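An added example, not part of the original thread and not AWS tooling: a Python check that reads the JSON returned by `aws eks describe-cluster` and reports whether the setting from option B is in place, i.e. an `encryptionConfig` entry that covers `secrets` and names a KMS key. The sample responses are constructed, and the cluster names, account ID and key ID are placeholders.

```python
# Constructed samples shaped like `aws eks describe-cluster` output.
# Names, account ID and key ID are placeholders, not real resources.
SAMPLE_ENCRYPTED = {
    "cluster": {
        "name": "demo-encrypted",
        "encryptionConfig": [
            {
                "resources": ["secrets"],
                "provider": {
                    "keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
                },
            }
        ],
    }
}
# A cluster created with default options carries no encryptionConfig.
SAMPLE_DEFAULT = {"cluster": {"name": "demo-default"}}
# An entry that covers secrets but names no key is treated as a failure.
SAMPLE_NO_KEY = {
    "cluster": {
        "name": "demo-no-key",
        "encryptionConfig": [{"resources": ["secrets"], "provider": {}}],
    }
}


def secrets_encryption_status(describe_cluster_output):
    """Return (ok, detail) for one describe-cluster response."""
    cluster = describe_cluster_output.get("cluster") or {}
    name = cluster.get("name", "<unknown>")
    for entry in cluster.get("encryptionConfig") or []:
        # Only entries whose resources list includes "secrets" are relevant.
        if "secrets" not in (entry.get("resources") or []):
            continue
        key_arn = (entry.get("provider") or {}).get("keyArn")
        if key_arn:
            return True, f"{name}: secrets encrypted with KMS key {key_arn}"
        return False, f"{name}: 'secrets' entry has no provider.keyArn"
    return False, f"{name}: no encryptionConfig entry covers 'secrets'"


if __name__ == "__main__":
    for sample in (SAMPLE_ENCRYPTED, SAMPLE_DEFAULT, SAMPLE_NO_KEY):
        ok, detail = secrets_encryption_status(sample)
        print("PASS" if ok else "FAIL", detail)
```
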
TariqKipkemei
Highly Voted 5 months ago
Selected Answer: B
EKS supports using AWS KMS keys to provide envelope encryption of Kubernetes secrets stored in EKS. Envelope encryption adds an additional, customer-managed layer of encryption for application secrets or user data that is stored within a Kubernetes cluster. https://eksctl.io/usage/kms-encryption/
upvoted 6 times
...
LeonSauveterre
Most Recent 2 weeks, 2 days ago
Selected Answer: B
"must be encrypted in the Kubernetes etcd key-value store" - that leaves B only.
upvoted 1 times
...
manuh
5 months, 4 weeks ago
Selected Answer: A
Why not A?
upvoted 1 times
TariqKipkemei
5 months ago
Option A does not enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.
upvoted 2 times
...
...
MrAWSAssociate
6 months ago
Selected Answer: B
B is the right option. https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
upvoted 5 times
...
alexandercamachop
6 months, 2 weeks ago
Selected Answer: B
It is B, because we need to encrypt inside of the EKS cluster, not outside. AWS KMS is to encrypt at rest.
upvoted 5 times
...
AncaZalog
6 months, 2 weeks ago
is B, not D
upvoted 2 times
...