ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 270 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 270
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit.

Which solution meets these requirements?

  • A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
  • B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets.
  • C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads.
  • D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by bamishr at Jan. 13, 2023, 1:14 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
techhb
Highly Voted 2 years, 2 months ago
Selected Answer: A
here keyword is "before" "the data is encrypted at rest before the data is uploaded to the S3 buckets."
upvoted 29 times
...
mhmt4438
Highly Voted 2 years, 2 months ago
Selected Answer: A
https://www.examtopics.com/discussions/amazon/view/53840-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 5 times
...
Dantecito
Most Recent 1 month, 3 weeks ago
Selected Answer: A
For those who are confused with the data also must be encrypted in transit, Amazon S3 TLS (Transport Layer Security) is used by default and you can't disable it.
upvoted 2 times
...
LeonSauveterre
4 months ago
Selected Answer: A
After a little googling, for those who are confused by "at rest": 1. *Encryption at Rest* refers to the encryption applied to the stored data. Encryption may be implemented at the source, where data is generated and stored at the origin. 2. *Encryption in Transit* refers to encrypting data that is transferred between two nodes of the network. 3. *End-to-End Encryption* refers to the combination of the encryption at rest and encryption in transit.
upvoted 3 times
...
babayomi
5 months, 2 weeks ago
A I believe the question is crafted to cause some confusion. At the same time it is simple to answer, since client side encryption answers the the requirements.
upvoted 2 times
...
reviewmine
1 year, 1 month ago
Selected Answer: A
Answer is A. Encrypt it first before uploading to S3.
upvoted 2 times
...
pentium75
1 year, 3 months ago
Selected Answer: C
I think the many votes for A are caused by misunderstanding the wording as "Ensure that the data is encrypted at rest before the data is uploaded" But that doesn't make sense, it means "Ensure that the data is encrypted at rest before the data is uploaded" So, before you allow people to upload data, make sure that it gets encrypted.
upvoted 3 times
pentium75
1 year, 3 months ago
On second thought, C would not enforce encryption in transit. Thus must be A indeed.
upvoted 3 times
awsgeek75
1 year, 2 months ago
For a moment I bought into your reasoning for C assuming that maybe the question is missing some grammar construct but realised that C does not really solve the encryption in transit issue like I originally thought. BUT good work!
upvoted 2 times
...
...
...
Cyberkayu
1 year, 3 months ago
BCD, data not yet encrypted before landing on S3 bucket
upvoted 3 times
...
palthainon
1 year, 5 months ago
Selected Answer: C
HTTPs would encrypt in transe, SSE3 managed keys fulfills requirement for at rest. This is an aws exam, not a best practices exam.
upvoted 1 times
awsgeek75
1 year, 2 months ago
No. HTTPS is not enough for encryption in transit when it comes to S3. https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html "Client-side encryption is the act of encrypting your data locally to help ensure its security in transit and at rest. "
upvoted 4 times
...
...
petertang224
1 year, 5 months ago
Its_SaKar
upvoted 1 times
...
prabhjot
1 year, 5 months ago
Ans is B - Server-Side Encryption (SSE): ensure data is encrypted at rest and also Encryption in Transit: When you upload data to Amazon S3 using standard HTTPS requests.
upvoted 4 times
...
TariqKipkemei
1 year, 6 months ago
Selected Answer: A
Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets
upvoted 2 times
...
Guru4Cloud
1 year, 6 months ago
Selected Answer: A
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
upvoted 2 times
...
Guru4Cloud
1 year, 6 months ago
Selected Answer: A
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets.
upvoted 2 times
...
Abobaloyi
1 year, 9 months ago
Selected Answer: A
data must be encrypted before uploaded , which means the client need to do it before uploading the data to S3
upvoted 4 times
...
datz
1 year, 11 months ago
Selected Answer: A
A, would meet requirements.
upvoted 2 times
...
nder
2 years, 1 month ago
Selected Answer: A
Because the data must be encrypted while in transit
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago