ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 303 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 303
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

An online survey company runs its application in the AWS Cloud. The application is distributed and consists of microservices that run in an automatically scaled Amazon Elastic Container Service (Amazon ECS) cluster. The ECS cluster is a target for an Application Load Balancer (ALB). The ALB is a custom origin for an Amazon CloudFront distribution.

The company has a survey that contains sensitive data. The sensitive data must be encrypted when it moves through the application. The application's data-handling microservice is the only microservice that should be able to decrypt the data

Which solution will meet these requirements?

  • A. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a field-level encryption profile and a configuration. Associate the KMS key and the configuration with the CloudFront cache behavior.
  • B. Create an RSA key pair that is dedicated to the data-handing microservice. Upload the public key to the CloudFront distribution. Create a field-level encryption profile and a configuration. Add the configuration to the CloudFront cache behavior.
  • C. Create a symmetric AWS Key Management Service (AWS KMS) key that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the KMS key to encrypt the sensitive data.
  • D. Create an RSA key pair that is dedicated to the data-handling microservice. Create a Lambda@Edge function. Program the function to use the private key of the RSA key pair to encrypt the sensitive data.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by airgead at Oct. 28, 2023, 12:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gonzales
Highly Voted 1 year, 6 months ago
Selected Answer: B
Please have a look at: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html steps: - Get a public key-private key pair - Create a field-level encryption profile - Create a field-level encryption configuration - Link to a cache behavior An RSA key pair includes a private and a public key (asymmetric)
upvoted 15 times
...
career360guru
Highly Voted 1 year, 5 months ago
Selected Answer: B
You need to RSA key for Field levell Encryption and not KMS Symmetric Key so B is the right answer
upvoted 6 times
...
TomTom
Most Recent 4 months, 4 weeks ago
Selected Answer: C
Why not C? By using KMS and Lambda@Edge, you can ensure that sensitive data is encrypted both at rest and in transit, providing a robust and secure solution for your distributed application.
upvoted 1 times
...
AzureDP900
5 months, 1 week ago
Here's why option B works: Creating an RSA key pair allows you to generate a public-private key pair, where the private key is used for decryption and the public key is used for encryption. Uploading the public key to CloudFront allows the distribution to use this key to encrypt sensitive data as it moves through the application. Using field-level encryption with CloudFront and Amazon S3 ensures that only the data-handling microservice (which has access to the private key) can decrypt the sensitive data.
upvoted 1 times
...
Chakanetsa
7 months ago
Selected Answer: B
The following steps provide an overview of setting up field-level encryption. For specific steps, see Set up field-level encryption. -Get a public key-private key pair. -Create a field-level encryption profile -Create a field-level encryption configuration. -Link to a cache behavior.
upvoted 2 times
...
9f02c8d
11 months ago
Option B - field-level encryption requires public/private key pair
upvoted 3 times
...
VerRi
1 year ago
Selected Answer: B
field-level encryption in CloudFront uses asymmetric encryption with RSA key
upvoted 1 times
...
Russs99
1 year, 3 months ago
Selected Answer: A
CloudFront only supports field-level encryption with symmetric KMS keys, not with RSA keys. in this specific scenario, Option A would be the correct answer because it leverages the native capabilities of CloudFront and meets the requirement of centralized key management for decrypting sensitive data.
upvoted 4 times
Russs99
1 year, 3 months ago
B is correct, Not A
upvoted 2 times
...
...
cachac
1 year, 5 months ago
Selected Answer: B
ALGORITHM: CloudFront uses RSA/ECB/OAEPWithSHA-256AndMGF1Padding as the algorithm for encrypting, so you must use the same algorithm to decrypt the data. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html#field-level-encryption-decrypt
upvoted 3 times
...
KungLjao
1 year, 6 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html
upvoted 2 times
...
airgead
1 year, 6 months ago
Answer: A use field-level encryption with AWS Key Management Service (KMS) so that it can encrypt when send through Cloud Distribution and only the specific microservice with access to the appropriate KMS key can decrypt it. RSA does not work as Microservice data handling cannot decrypt it. It does not require Lambda @Edge to perform to encrypt the data, just Associate the KMS key and the configuration with the CloudFront cache behavio
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago