Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 122 discussion

If you are a developer who needs to digitally sign or verify data using asymmetric keys, you should use the service to create and manage the private keys you’ll need. If you’re looking for a scalable key management infrastructure to support your developers and their growing number of applications, you should use it to reduce your licensing costs and operational burden... https://aws.amazon.com/kms/faqs/#:~:text=If%20you%20are%20a%20developer%20who%20needs%20to%20digitally,a%20broad%20set%20of%20industry%20and%20regional%20compliance%20regimes.

The correct answer is Option B. To reduce the operational burden, the solutions architect should use AWS Key Management Service (AWS KMS) to protect the encryption keys. AWS KMS is a fully managed service that makes it easy to create and manage encryption keys. It allows developers to easily encrypt and decrypt data in their applications, and it automatically handles the underlying key management tasks, such as key generation, key rotation, and key deletion. This can help to reduce the operational burden associated with key management.

Ans B - AWS KMS does it all as a managed service...

to reduce the operational burden, option B is the best choice.

The correct answer is Option B. To reduce the operational burden, the solutions architect should use AWS Key Management Service (AWS KMS) to protect the encryption keys

AWS KMS handles the encryption key management, rotation, and auditing. This removes the undifferentiated heavy lifting for developers. KMS integrates natively with many AWS services like S3, EBS, RDS for encryption. This makes it easy to encrypt data. KMS scales automatically as key usage increases. Developers don't have to worry about provisioning key infrastructure. Fine-grained access controls are available via IAM policies and grants. KMS is secure by default. Features like envelope encryption make compliance easier for regulated workloads. AWS handles the hardware security modules (HSMs) for cryptographic key storage

The main reasons are: AWS KMS handles the encryption key management, rotation, and auditing. This removes the undifferentiated heavy lifting for developers. KMS integrates natively with many AWS services like S3, EBS, RDS for encryption. This makes it easy to encrypt data. KMS scales automatically as key usage increases. Developers don't have to worry about provisioning key infrastructure. Fine-grained access controls are available via IAM policies and grants. KMS is secure by default. Features like envelope encryption make compliance easier for regulated workloads. AWS handles the hardware security modules (HSMs) for cryptographic key storage

By utilizing AWS KMS, the company can offload the operational responsibilities of key management, including key generation, rotation, and protection. AWS KMS provides a scalable and secure infrastructure for managing encryption keys, allowing developers to easily integrate encryption into their applications without the need to manage the underlying key infrastructure. Option A (MFA), option C (ACM), and option D (IAM policy) are not directly related to reducing the operational burden of key management. While these options may provide additional security measures or access controls, they do not specifically address the scalability and management aspects of a key management infrastructure. AWS KMS is designed to simplify the key management process and is the most suitable option for reducing the operational burden in this scenario.

B is correct.

Option B

B is correct

B is correct

If you are responsible for securing your data across AWS services, you should use it to centrally manage the encryption keys that control access to your data. If you are a developer who needs to encrypt data in your applications, you should use the AWS Encryption SDK with AWS KMS to easily generate, use and protect symmetric encryption keys in your code.