ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 564 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 564
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected, even from database administrators.

Which solution meets these requirements?

  • A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
  • B. Store sensitive data in Amazon RDS for MySQL. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
  • C. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) server-side encryption to encrypt the data. Use S3 bucket policies to restrict access.
  • D. Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers. Use Windows file permissions to restrict access.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Bmaster at Aug. 2, 2023, 2:27 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Guru4Cloud
Highly Voted 1 year, 4 months ago
Selected Answer: B
The key reasons are: RDS MySQL provides a fully managed database service well suited for an ecommerce application. AWS KMS client-side encryption allows encrypting sensitive data before it hits the database. The data remains encrypted at rest. This protects sensitive customer data from database admins and privileged users. EBS encryption (Option A) protects data at rest but not in use. IAM roles don't prevent admin access. S3 (Option C) encrypts data at rest on the server side. Bucket policies don't restrict admin access. FSx file permissions (Option D) don't prevent admin access to unencrypted data.
upvoted 12 times
...
pentium75
Highly Voted 1 year ago
Selected Answer: B
A, C and D would allow the administrator of the storage to access the data. Besides, it is data about "purchase transactions" which is usually stored in a transactional database (such as RDS for MySQL), not in a file or object storage.
upvoted 8 times
sidharthwader
8 months ago
Good thought purchase transactions I had missed that part
upvoted 2 times
...
...
SHAAHIBHUSHANAWS
Most Recent 1 year, 1 month ago
B I want to go with B as question is for database administrator. Also client key encryption is possible in code and KMS can be used for encryption but not using KMS keys. Encrypted data available in DB is of no use to DB admin.
upvoted 2 times
...
riyasara
1 year, 1 month ago
Answer is option C. option B is not ideal because Amazon RDS for MySQL is a relational database service that is optimized for structured data, not for storing sensitive customer information. Moreover, by using client-side encryption with AWS KMS, you need to encrypt and decrypt the data in your application code, which increases the risk of exposing your data in transit or at rest. You also need to manage the encryption keys yourself, which adds complexity and overhead to your application.
upvoted 2 times
awsgeek75
12 months ago
eCommerce data and transaction data are ideal for RDS which, when encrypted, is secure even from the DBA.
upvoted 2 times
...
pentium75
1 year ago
"optimized for structured data, not for storing sensitive customer information" ... Data related to "purchase transactions" is usually structured; that it contains "sensitive customer information" doesn't change the structured nature.
upvoted 4 times
...
...
wsdasdasdqwdaw
1 year, 2 months ago
I would go for B, because RDS (database admins), but I would like to see as well encryption at rest as well, not only in transit.
upvoted 2 times
...
mrsoa
1 year, 5 months ago
Selected Answer: B
Using client-side encryption we can protect specific fields and guarantee only decryption if the client has access to an API key, we can protect specific fields even from database admins
upvoted 3 times
...
D10SJoker
1 year, 5 months ago
Selected Answer: B
For me it's B because of "client-side encryption to encrypt the data"
upvoted 2 times
...
h8er
1 year, 5 months ago
keyword - database administrators
upvoted 5 times
...
Kiki_Pass
1 year, 5 months ago
Selected Answer: B
"even from database administrators" -> "Client Side encryption"
upvoted 4 times
...
Bmaster
1 year, 5 months ago
My choice is B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel