Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 825 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 825
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is planning to migrate data to an Amazon S3 bucket. The data must be encrypted at rest within the S3 bucket. The encryption key must be rotated automatically every year.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Migrate the data to the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3). Use the built-in key rotation behavior of SSE-S3 encryption keys.
  • B. Create an AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Migrate the data to the S3 bucket.
  • C. Create an AWS Key Management Service (AWS KMS) customer managed key. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Migrate the data to the S3 bucket. Manually rotate the KMS key every year.
  • D. Use customer key material to encrypt the data. Migrate the data to the S3 bucket. Create an AWS Key Management Service (AWS KMS) key without key material. Import the customer key material into the KMS key. Enable automatic key rotation.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by haci at March 21, 2024, 8:21 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
f04dc74
2 weeks, 3 days ago
Option A
upvoted 1 times
...
sandordini
2 weeks, 4 days ago
Selected Answer: A
From May 2022 the scheduled rotation is 1 year (SSE-S3)
upvoted 2 times
...
3b196fc
1 month ago
A is wrong because you need to set the encryp options before send the data to S3.
upvoted 1 times
...
camps
1 month, 2 weeks ago
It's B.
upvoted 1 times
...
TruthWS
1 month, 3 weeks ago
A is correct because SSE-S3 help decrease the management
upvoted 2 times
...
Yushib
1 month, 3 weeks ago
Selected Answer: B
B is the right one
upvoted 2 times
...
haci
1 month, 3 weeks ago
Same with Question #202, I'll go with B but not sure
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel