Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 564 discussion

A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected, even from database administrators.

Which solution meets these requirements?

  • A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume. Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
  • B. Store sensitive data in Amazon RDS for MySQL. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
  • C. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) server-side encryption to encrypt the data. Use S3 bucket policies to restrict access.
  • D. Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers. Use Windows file permissions to restrict access.
Suggested Answer: B

Comments

Guru4Cloud
Highly Voted 1 year, 3 months ago
Selected Answer: B
The key reasons are: RDS MySQL provides a fully managed database service well suited for an ecommerce application. AWS KMS client-side encryption allows encrypting sensitive data before it hits the database. The data remains encrypted at rest. This protects sensitive customer data from database admins and privileged users. EBS encryption (Option A) protects data at rest but not in use. IAM roles don't prevent admin access. S3 (Option C) encrypts data at rest on the server side. Bucket policies don't restrict admin access. FSx file permissions (Option D) don't prevent admin access to unencrypted data.
upvoted 8 times
...
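What "encrypting before it hits the database" looks like at field level, as an added example that is not part of the original thread and is not AWS SDK code. `LocalKms` is a constructed in-process stand-in for the KMS GenerateDataKey and Decrypt operations; the column names and row layout are assumptions.

```javascript
// Added example: client-side envelope encryption of one database field.
// LocalKms is a constructed stand-in for AWS KMS, not the AWS SDK.
const crypto = require('crypto');

class LocalKms {
  constructor() { this.masterKey = crypto.randomBytes(32); } // never leaves this object
  // Fresh data key in plaintext, plus the same key wrapped under the master key.
  generateDataKey() {
    const plaintext = crypto.randomBytes(32);
    return { plaintext, wrapped: seal(this.masterKey, plaintext, 'data-key') };
  }
  decrypt(wrapped) { return open(this.masterKey, wrapped, 'data-key'); }
}

// AES-256-GCM. Output layout: 12-byte IV | 16-byte tag | ciphertext.
function seal(key, data, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad)); // binds the ciphertext to its context
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key, the AAD or the ciphertext does not match.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Application side: encrypt before the INSERT. The returned row is all the DB stores.
function encryptField(kms, customerId, column, value) {
  const { plaintext, wrapped } = kms.generateDataKey();
  const ct = seal(plaintext, Buffer.from(value, 'utf8'), `${customerId}:${column}`);
  plaintext.fill(0); // drop the plaintext data key once the field is sealed
  return { customer_id: customerId, [column]: ct.toString('base64'),
           [`${column}_key`]: wrapped.toString('base64') };
}

// Application side: needs permission to call decrypt on the key service.
// A DBA holding only the row has the wrapped key and ciphertext, nothing usable.
function decryptField(kms, row, column) {
  const dataKey = kms.decrypt(Buffer.from(row[`${column}_key`], 'base64'));
  const aad = `${row.customer_id}:${column}`;
  return open(dataKey, Buffer.from(row[column], 'base64'), aad).toString('utf8');
}
```

Because the customer ID is bound in as additional authenticated data, a ciphertext copied onto another customer's row fails authentication instead of decrypting.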
pentium75
Highly Voted 10 months, 3 weeks ago
Selected Answer: B
A, C and D would allow the administrator of the storage to access the data. Besides, it is data about "purchase transactions" which is usually stored in a transactional database (such as RDS for MySQL), not in a file or object storage.
upvoted 7 times
sidharthwader
6 months, 2 weeks ago
Good thought on purchase transactions; I had missed that part.
upvoted 1 times
...
...
SHAAHIBHUSHANAWS
Most Recent 11 months, 3 weeks ago
B. I want to go with B, as the question is for database administrators. Also, client key encryption is possible in code, and KMS can be used for encryption but not using KMS keys. Encrypted data available in the DB is of no use to the DB admin.
upvoted 1 times
...
riyasara
12 months ago
Answer is option C. Option B is not ideal because Amazon RDS for MySQL is a relational database service that is optimized for structured data, not for storing sensitive customer information. Moreover, by using client-side encryption with AWS KMS, you need to encrypt and decrypt the data in your application code, which increases the risk of exposing your data in transit or at rest. You also need to manage the encryption keys yourself, which adds complexity and overhead to your application.
upvoted 2 times
pentium75
10 months, 3 weeks ago
"optimized for structured data, not for storing sensitive customer information" ... Data related to "purchase transactions" is usually structured; that it contains "sensitive customer information" doesn't change the structured nature.
upvoted 3 times
...
awsgeek75
10 months, 2 weeks ago
eCommerce data and transaction data are ideal for RDS which, when encrypted, is secure even from the DBA.
upvoted 2 times
...
...
wsdasdasdqwdaw
1 year ago
I would go for B, because of RDS (database admins), but I would also like to see encryption at rest, not only in transit.
upvoted 1 times
...
mrsoa
1 year, 3 months ago
Selected Answer: B
Using client-side encryption, we can protect specific fields and guarantee decryption only if the client has access to an API key; we can protect specific fields even from database admins.
upvoted 2 times
...
D10SJoker
1 year, 3 months ago
Selected Answer: B
For me it's B because of "client-side encryption to encrypt the data"
upvoted 1 times
...
h8er
1 year, 3 months ago
keyword - database administrators
upvoted 4 times
...
Kiki_Pass
1 year, 3 months ago
Selected Answer: B
"even from database administrators" -> "Client Side encryption"
upvoted 3 times
...
Bmaster
1 year, 3 months ago
My choice is B
upvoted 3 times
...