ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 952 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 952
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing data and new data by using SQL. The company stores the data in an Amazon S3 bucket. The data must be encrypted at rest and replicated to a different AWS Region.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a new S3 bucket that uses server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Configure Cross-Region Replication (CRR). Load the data into the new S3 bucket. Use Amazon Athena to query the data.
  • B. Create a new S3 bucket that uses server-side encryption with Amazon S3 managed keys (SSE-S3). Configure Cross-Region Replication (CRR). Load the data into the new S3 bucket. Use Amazon RDS to query the data.
  • C. Configure Cross-Region Replication (CRR) on the existing S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3). Use Amazon Athena to query the data.
  • D. Configure S3 Cross-Region Replication (CRR) on the existing S3 bucket. Use server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon RDS to query the data.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by JunsK1e at Aug. 3, 2024, 11:13 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dhewa
Highly Voted 5 months, 2 weeks ago
Selected Answer: A
A wins because it gives us encryption with AWS KMS multi-Region keys
upvoted 5 times
...
FlyingHawk
Most Recent 2 weeks, 5 days ago
Selected Answer: A
Amazon S3 managed keys is region specific, for CRR, we must use KMS mult-region keys. https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
upvoted 2 times
FlyingHawk
1 week, 4 days ago
I checked AI, ChatGPT, Gemini , Claudi AI and DeepSeek think A is correct, but meta AI thinks C is correct. SSE-S3 is the default encryption, it will be least operational effort for sure. but with SSE-S3 (server-side encryption with S3-managed keys), AWS manages the encryption keys, and each region will use its own region-specific encryption key. There is no shared key between the source and destination buckets. AWS handles encryption and decryption seamlessly in each region. This approach is operationally simple but lacks control and consistency for encryption keys across regions.
upvoted 1 times
...
...
LeonSauveterre
1 month ago
Selected Answer: C
A - A new bucket + KMS multi-Region keys = Too much operational oversight. B - RDS is not a serverless solution C - By using the existing S3 bucket, you eliminate the need to create a new bucket and load data into it. D - Athena supports querying using SQL, so that rules out RDS.
upvoted 3 times
...
trinh_le
1 month ago
Selected Answer: C
It’s not require highly sensitive data or complexity gain permission. So it should use sse-s3 is suitable
upvoted 1 times
...
Anyio
1 month, 1 week ago
Selected Answer: C
The correct answer is C. Explanation: Option A: Incorrect. Although using AWS KMS multi-Region keys (SSE-KMS) and Amazon Athena to query the data meet the security and SQL querying requirements, creating a new S3 bucket and handling data migration increases operational overhead unnecessarily if the data already exists. Option C: Correct. Configuring Cross-Region Replication (CRR) on the existing S3 bucket makes efficient use of existing infrastructure and leverages server-side encryption with Amazon S3 managed keys (SSE-S3) to ensure data encryption at rest with lower operational complexity and costs compared to using KMS keys. Using Amazon Athena allows querying the data directly in S3, offering serverless and flexible SQL querying capabilities with minimal setup and operational overhead.
upvoted 1 times
...
JA2018
2 months ago
Selected Answer: C
I will chose Option C for the following reasons: #1: Least operational overhead: Choosing "SSE-S3" over "SSE-KMS" minimizes operational overhead as it automatically manages encryption keys within S3, eliminating the need for additional KMS key management. #2: Existing S3 bucket: Reusing the existing bucket avoids the extra step of creating a new one and migrating data. #3: Athena for querying: Athena is a serverless solution ideal for querying large datasets stored in S3, aligning with the requirement for a serverless architecture.
upvoted 2 times
JA2018
2 months ago
For Option A: While using KMS multi-region keys provides more control, it adds extra management complexity compared to SSE-S3.
upvoted 2 times
...
...
Abdullah2004
5 months, 1 week ago
Selected Answer: A
A is correct
upvoted 2 times
...
komorebi
6 months ago
Selected Answer: A
Answer is A
upvoted 3 times
...
JunsK1e
6 months ago
Selected Answer: C
C is correct because it needs to replicate to different AWS region
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago