ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 681 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 681
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company uses Amazon EC2 instances and stores data on Amazon Elastic Block Store (Amazon EBS) volumes. The company must ensure that all data is encrypted at rest by using AWS Key Management Service (AWS KMS). The company must be able to control rotation of the encryption keys.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a customer managed key. Use the key to encrypt the EBS volumes.
  • B. Use an AWS managed key to encrypt the EBS volumes. Use the key to configure automatic key rotation.
  • C. Create an external KMS key with imported key material. Use the key to encrypt the EBS volumes.
  • D. Use an AWS owned key to encrypt the EBS volumes.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Community vote distribution
A (88%)
13%
by meenkaza at Dec. 29, 2023, 5:28 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pentium75
Highly Voted 9 months ago
Selected Answer: A
"Able to control rotation of the encryption keys" = customer managed key (created by AWS but managed by the customer in KMS)
upvoted 5 times
...
AAbirdy
Highly Voted 8 months, 2 weeks ago
Selected Answer: A
The company must be able to control rotation of the encryption keys = customer managed key
upvoted 5 times
...
Chen77
Most Recent 1 month, 2 weeks ago
Selected Answer: B
The company must ensure encryption at rest using AWS KMS and must control key rotation with minimal operational overhead. AWS Managed Keys are automatically managed by AWS, including automatic key rotation every year. This approach eliminates manual key management, reducing administrative effort.
upvoted 1 times
...
awsgeek75
8 months, 3 weeks ago
Selected Answer: A
"The company must be able to control rotation of the encryption keys." BD does not allow company owned keys C is too much operational overhead
upvoted 4 times
...
dikshya1233
8 months, 3 weeks ago
Selected Answer: B
The solution that meets the requirements with the LEAST operational overhead is: B. Use an AWS managed key to encrypt the EBS volumes. Use the key to configure automatic key rotation. With AWS managed keys (AWS managed CMKs), AWS takes care of key management tasks, including key rotation. This reduces operational overhead as AWS automatically handles key rotation without requiring manual intervention. It is a convenient option for users who want to ensure encryption at rest with minimal effort in managing encryption keys.
upvoted 2 times
awsgeek75
8 months, 3 weeks ago
AWS Manged keys don't meet the requirements "The company must be able to control rotation of the encryption keys."
upvoted 3 times
...
...
Shobhit2021
9 months ago
Selected Answer: A
A is correct option
upvoted 2 times
...
fea9bdf
9 months ago
Answer is C Details are on this link below: https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html Amazon S3 buckets have bucket encryption enabled by default, and new objects are automatically encrypted by using server-side encryption with Amazon S3 managed keys (SSE-S3). This encryption applies to all new objects in your Amazon S3 buckets, and comes at no cost to you. If you need more control over your encryption keys, such as managing key rotation and access policy grants, you can elect to use server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). For more information about SSE-KMS, see Specifying server-side encryption with AWS KMS (SSE-KMS). For more information about DSSE-KMS, see Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
upvoted 1 times
pentium75
9 months ago
How does this relate to answer C? With "imported key material" you cannot "control rotation of the encryption keys" (except by importing new keys). SSE-KMS (as mentioned in your explanation = customer managed key = A
upvoted 2 times
...
...
Riajul
9 months ago
Should be option A
upvoted 2 times
...
Naijaboy99
9 months ago
option B is the correct answer with least operational overhead on admins
upvoted 1 times
OSHOAIB
8 months, 3 weeks ago
AWS managed keys do allow for automatic rotation, but the company does NOT have control over the rotation - AWS manages this automatically without company intervention.
upvoted 2 times
...
Naijaboy99
9 months ago
@meenkaza was right the answer is A
upvoted 3 times
...
...
meenkaza
9 months ago
Selected Answer: A
option A (Create a customer managed key. Use the key to encrypt the EBS volumes) is the most suitable option with the least operational overhead for the given requirements.
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
PL-600
Sofia, 1 minute ago