ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 548 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 548
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer is creating a new application that will give users the ability to upload documents to Amazon S3. The contents of the documents must not be accessible to any third party.

Which type of encryption will meet this requirement?

  • A. Client-side encryption by using the S3 Encryption Client with a Raw RSA wrapping key that is stored on the user’s device
  • B. Server-side encryption with S3 managed keys (SSE-S3)
  • C. Server-side encryption with AWS KMS keys (SSE-KMS)
  • D. Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Arad at Jan. 13, 2025, 6:20 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Dadasar
1 month, 3 weeks ago
Selected Answer: C
Protege os dados com chaves gerenciadas pelo AWS KMS, oferecendo um nível extra de controle e auditoria sobre as chaves.Além disso, o SSE-KMS permite logs detalhados de acessos e tentativas de descriptografia no AWS CloudTrail. A. Errado, pois essa abordagem exige que os usuários gerenciem suas próprias chaves. Se um usuário perder a chave, os dados não poderão ser recuperados. Além disso, essa abordagem não aproveita os recursos de controle de acesso e auditoria do AWS KMS. B. Errado, pois o SSE-S3 usa chaves gerenciadas pelo próprio Amazon S3 e não permite controle detalhado sobre quem pode descriptografar os dados. D. Errado, porque o DSSE-KMS (Dual-layer Server-Side Encryption with AWS KMS) é mais adequado para FINRA e CJIS
upvoted 1 times
...
LingZ
2 months ago
Selected Answer: A
A. Client-side encryption using the S3 Encryption Client with a Raw RSA key: This is the correct answer because it ensures complete end-to-end protection. Here's why: The document is encrypted on the user's device before transmission The encryption key never leaves the user's control Even AWS cannot access the unencrypted contents The data remains protected throughout its entire lifecycle
upvoted 1 times
...
italiancloud2025
2 months, 1 week ago
Selected Answer: C
Es una solución robusta y administrativamente sencilla, sin la complejidad del cifrado del lado del cliente (opción A) y con un nivel de seguridad superior al de SSE-S3 (opción B). La opción D implicaría una doble capa de cifrado innecesaria para este caso.
upvoted 1 times
...
Arad
3 months, 2 weeks ago
Selected Answer: C
C is the correct answer. A is too complex. B is not the most secure way as there's no integration with IAM for access control policies specific to the key. D is overkill.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago