Exam AWS Certified Cloud Practitioner topic 1 question 142 discussion

A. DynamoDB All user data stored in Amazon DynamoDB is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS)

A. Encrypt data that is stored in Amazon DynamoDB. All others options are user's responsibility

C. Encrypt user network traffic. AWS automatically encrypts user network traffic using protocols like HTTPS (TLS/SSL). This ensures that data transmitted between the user's device and AWS services is secure during transit.

Patch AWS instance is a wrong ans....its customers responsibility

opção A, todos os dados armazenados no DynamoDB são criptografados em repouso

A. Encrypt data that is stored in Amazon DynamoDB. "All user data stored in Amazon DynamoDB is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS). This functionality helps reduce the operational burden and complexity involved in protecting sensitive data. With encryption at rest, you can build security-sensitive applications that meet strict encryption compliance and regulatory requirements." https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

ChatGPT says Option": B

La opción A también podría ser correcta, ya que AWS ofrece la opción de cifrar los datos almacenados en Amazon DynamoDB de manera automática. Sin embargo, la pregunta originalmente planteada es sobre una tarea que realiza AWS de manera automática, y la opción A se refiere a una opción de cifrado que el usuario debe habilitar manualmente. Por lo tanto, la respuesta más precisa a la pregunta original es la opción B.

A is correct, encryption is automatic: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html B is incorrect, patching is not automatic: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/update-management.html

AWS regularly patches and updates the underlying infrastructure, including the host operating system, for Amazon EC2 instances. These patches and updates help ensure the security and reliability of the instances. As a customer, you are responsible for managing the software and applications running on your EC2 instances, but AWS takes care of the underlying infrastructure patches automatically. AWS does not automatically encrypt data that is stored in Amazon DynamoDB. You can choose to encrypt your data in DynamoDB, but you have to do it manually.

AWS can automatically create TLS certificates for users' websites through its AWS Certificate Manager (ACM) service, making option D the correct answer.

el parcheo de la ec2 es cosa de amazon. El encriptado tienes tu que seleccionarlo y decidir que tipo quieres, no lo hace amazon de forma automatica

All DynamoDB tables are encrypted. There is no option to enable or disable encryption for new or existing tables. By default, all tables are encrypted under an AWS owned customer master key (CMK) in the DynamoDB service account.

C. Encrypt user network traffic: AWS automatically encrypts user network traffic by providing Transport Layer Security (TLS) encryption for network connections. This is done through various AWS services, such as Elastic Load Balancer (ELB), Amazon CloudFront, and Amazon API Gateway, which automatically enable TLS encryption for inbound and outbound network traffic to secure data in transit.

According to ChatGPT - D Create TLS certificates for users' websites. AWS automatically provides and manages TLS (Transport Layer Security) certificates for users' websites through the AWS Certificate Manager (ACM) service. ACM eliminates the need for users to generate, manage, and renew their own SSL/TLS certificates. It simplifies the process of obtaining and deploying certificates for securing websites and other AWS resources. Users can request and import SSL/TLS certificates for their domain names directly from ACM, and AWS takes care of the certificate provisioning, renewal, and integration with other AWS services like Elastic Load Balancer (ELB), CloudFront, and API Gateway.

Correct: A

patching EW2 is still customer's responsibility.