Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 681 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 681
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company uses Amazon EC2 instances and stores data on Amazon Elastic Block Store (Amazon EBS) volumes. The company must ensure that all data is encrypted at rest by using AWS Key Management Service (AWS KMS). The company must be able to control rotation of the encryption keys.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a customer managed key. Use the key to encrypt the EBS volumes.
  • B. Use an AWS managed key to encrypt the EBS volumes. Use the key to configure automatic key rotation.
  • C. Create an external KMS key with imported key material. Use the key to encrypt the EBS volumes.
  • D. Use an AWS owned key to encrypt the EBS volumes.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by meenkaza at Dec. 29, 2023, 5:28 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
AAbirdy
9 months ago
Selected Answer: A
The company must be able to control rotation of the encryption keys = customer managed key
upvoted 4 times
...
awsgeek75
9 months ago
Selected Answer: A
"The company must be able to control rotation of the encryption keys." BD does not allow company owned keys C is too much operational overhead
upvoted 3 times
...
dikshya1233
9 months, 1 week ago
Selected Answer: B
The solution that meets the requirements with the LEAST operational overhead is: B. Use an AWS managed key to encrypt the EBS volumes. Use the key to configure automatic key rotation. With AWS managed keys (AWS managed CMKs), AWS takes care of key management tasks, including key rotation. This reduces operational overhead as AWS automatically handles key rotation without requiring manual intervention. It is a convenient option for users who want to ensure encryption at rest with minimal effort in managing encryption keys.
upvoted 2 times
awsgeek75
9 months ago
AWS Manged keys don't meet the requirements "The company must be able to control rotation of the encryption keys."
upvoted 2 times
...
...
Shobhit2021
9 months, 2 weeks ago
Selected Answer: A
A is correct option
upvoted 1 times
...
pentium75
9 months, 2 weeks ago
Selected Answer: A
"Able to control rotation of the encryption keys" = customer managed key (created by AWS but managed by the customer in KMS)
upvoted 4 times
...
fea9bdf
9 months, 2 weeks ago
Answer is C Details are on this link below: https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html Amazon S3 buckets have bucket encryption enabled by default, and new objects are automatically encrypted by using server-side encryption with Amazon S3 managed keys (SSE-S3). This encryption applies to all new objects in your Amazon S3 buckets, and comes at no cost to you. If you need more control over your encryption keys, such as managing key rotation and access policy grants, you can elect to use server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). For more information about SSE-KMS, see Specifying server-side encryption with AWS KMS (SSE-KMS). For more information about DSSE-KMS, see Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
upvoted 1 times
pentium75
9 months, 2 weeks ago
How does this relate to answer C? With "imported key material" you cannot "control rotation of the encryption keys" (except by importing new keys). SSE-KMS (as mentioned in your explanation = customer managed key = A
upvoted 1 times
...
...
Riajul
9 months, 3 weeks ago
Should be option A
upvoted 1 times
...
Naijaboy99
9 months, 3 weeks ago
option B is the correct answer with least operational overhead on admins
upvoted 1 times
Naijaboy99
9 months, 3 weeks ago
@meenkaza was right the answer is A
upvoted 2 times
...
OSHOAIB
9 months, 1 week ago
AWS managed keys do allow for automatic rotation, but the company does NOT have control over the rotation - AWS manages this automatically without company intervention.
upvoted 1 times
...
...
meenkaza
9 months, 3 weeks ago
Selected Answer: A
option A (Create a customer managed key. Use the key to encrypt the EBS volumes) is the most suitable option with the least operational overhead for the given requirements.
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel