Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 216 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 216
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has a serverless website with millions of objects in an Amazon S3 bucket. The company uses the S3 bucket as the origin for an Amazon CloudFront distribution. The company did not set encryption on the S3 bucket before the objects were loaded. A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future.

Which solution will meet these requirements with the LEAST amount of effort?

  • A. Create a new S3 bucket. Turn on the default encryption settings for the new S3 bucket. Download all existing objects to temporary local storage. Upload the objects to the new S3 bucket.
  • B. Turn on the default encryption settings for the S3 bucket. Use the S3 Inventory feature to create a .csv file that lists the unencrypted objects. Run an S3 Batch Operations job that uses the copy command to encrypt those objects.
  • C. Create a new encryption key by using AWS Key Management Service (AWS KMS). Change the settings on the S3 bucket to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS). Turn on versioning for the S3 bucket.
  • D. Navigate to Amazon S3 in the AWS Management Console. Browse the S3 bucket’s objects. Sort by the encryption field. Select each unencrypted object. Use the Modify button to apply default encryption settings to every unencrypted object in the S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Morinator at Jan. 13, 2023, 2:26 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Parsons
Highly Voted 1 year, 10 months ago
Selected Answer: B
Step 1: S3 inventory to get object list Step 2 (If needed): Use S3 Select to filter Step 3: S3 object operations to encrypt the unencrypted objects. On the going object use default encryption.
upvoted 17 times
Parsons
1 year, 10 months ago
Useful ref link: https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
upvoted 10 times
...
...
cookieMr
Highly Voted 1 year, 4 months ago
Selected Answer: B
By enabling default encryption settings on the S3, all newly added objects will be automatically encrypted. To encrypt the existing objects, the S3 Inventory feature can be used to generate a list of unencrypted objects. Then, an S3 Batch Operations job can be executed to copy those objects while applying encryption. A. This solution involves creating a new S3 and manually downloading and uploading all existing objects. It requires significant effort and time to transfer millions of objects, making it a less efficient solution. C. While enabling SSE with AWS KMS is a valid approach to encrypt objects in an S3, it does not address the requirement of encrypting existing objects. It only applies encryption to new objects added to the bucket. D. Manually modifying each object in the S3 to apply default encryption settings is a labor-intensive and error-prone process. It would require individually selecting and modifying each unencrypted object, which is impractical for a large number of objects.
upvoted 13 times
...
lofzee
Most Recent 5 months, 3 weeks ago
Selected Answer: B
to be fair all these options take a hell a lot of work to do but i think the least amount of effort is B. https://aws.amazon.com/blogs/storage/encrypting-objects-with-amazon-s3-batch-operations/
upvoted 4 times
...
pentium75
10 months, 4 weeks ago
Selected Answer: B
A - Extreme amount of effort B - Should work C - SSE-KMS is not "least amount of effort" compared to SSE-S3; Turning versioning is not required to achieve the result but on the contrary, it will cause the non-encrypted files to remain as old versions even if you encrypt them in the future. D - Even more effort as A
upvoted 2 times
foha2012
10 months ago
.csv for millions of objects ?? C looks simpler.
upvoted 2 times
...
foha2012
10 months ago
B doesnt look like least amount of effort
upvoted 1 times
...
...
CapJackSparrow
1 year, 8 months ago
Selected Answer: B
B... https://catalog.us-east-1.prod.workshops.aws/workshops/05f16f1a-0bbf-45a7-a304-4fcd7fca3d1f/en-US/s3-track/module-2 You're welcome
upvoted 4 times
...
bdp123
1 year, 9 months ago
Selected Answer: B
Amazon S3 now configures default encryption on all existing unencrypted buckets to apply server-side encryption with S3 managed keys (SSE-S3) as the base level of encryption for new objects uploaded to these buckets. Objects that are already in an existing unencrypted bucket won't be automatically encrypted. https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html
upvoted 4 times
...
Yelizaveta
1 year, 9 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-copy-example-bucket-key.html
upvoted 2 times
...
aakashkumar1999
1 year, 9 months ago
Selected Answer: B
B is the correct answer
upvoted 2 times
...
Val182
1 year, 9 months ago
Selected Answer: B
B 100% https://spin.atomicobject.com/2020/09/15/aws-s3-encrypt-existing-objects/
upvoted 2 times
...
LuckyAro
1 year, 9 months ago
Selected Answer: A
Why is no one discussing A ? I think A can also achieve the required results. B is the most appropriate answer though.
upvoted 1 times
pentium75
10 months, 4 weeks ago
Downloading and uploading "millions of objects" is surely not "least amount of effort", thus does not meet the requirements.
upvoted 2 times
...
...
Training4aBetterLife
1 year, 10 months ago
Selected Answer: B
S3 provides a single control to automatically encrypt all new objects in a bucket with SSE-S3 or SSE-KMS. Unfortunately, these controls only affect new objects. If your bucket already contains millions of unencrypted objects, then turning on automatic encryption does not make your bucket secure as the unencrypted objects remain. For S3 buckets with a large number of objects (millions to billions), use Amazon S3 Inventory to get a list of the unencrypted objects, and Amazon S3 Batch Operations to encrypt the large number of old, unencrypted files.
upvoted 4 times
Training4aBetterLife
1 year, 10 months ago
Versioning: When you overwrite an S3 object, it results in a new object version in the bucket. However, this will not remove the old unencrypted versions of the object. If you do not delete the old version of your newly encrypted objects, you will be charged for the storage of both versions of the objects. S3 Lifecycle If you want to remove these unencrypted versions, use S3 Lifecycle to expire previous versions of objects. When you add a Lifecycle configuration to a bucket, the configuration rules apply to both existing objects and objects added later. C is missing this step, which I believe is what makes B the better choice. B includes the functionality of encrypting the old unencrypted objects via Batch Operations, whereas, Versioning does not address the old unencrypted objects.
upvoted 2 times
...
...
Training4aBetterLife
1 year, 10 months ago
S3 provides a single control to automatically encrypt all new objects in a bucket with SSE-S3 or SSE-KMS. Unfortunately, these controls only affect new objects. If your bucket already contains millions of unencrypted objects, then turning on automatic encryption does not make your bucket secure as the unencrypted objects remain. For S3 buckets with a large number of objects (millions to billions), use Amazon S3 Inventory to get a list of the unencrypted objects, and Amazon S3 Batch Operations to encrypt the large number of old, unencrypted files.
upvoted 2 times
Training4aBetterLife
1 year, 10 months ago
Versioning: When you overwrite an S3 object, it results in a new object version in the bucket. However, this will not remove the old unencrypted versions of the object. If you do not delete the old version of your newly encrypted objects, you will be charged for the storage of both versions of the objects. S3 Lifecycle If you want to remove these unencrypted versions, use S3 Lifecycle to expire previous versions of objects. When you add a Lifecycle configuration to a bucket, the configuration rules apply to both existing objects and objects added later. C is missing this step, which I believe is what makes B the better choice. B includes the functionality of encrypting the old unencrypted objects via Batch Operations, whereas, Versioning does not address the old unencrypted objects.
upvoted 1 times
Training4aBetterLife
1 year, 10 months ago
Please remove duplicate response as I was meaning to submit a voting comment.
upvoted 1 times
...
...
...
John_Zhuang
1 year, 10 months ago
Selected Answer: B
C is wrong. Even though you turn on the SSE-KMS with a new key, the existing objects are still yet to be encrypted. They still need to be manually encrypted by AWS batch
upvoted 3 times
pentium75
10 months, 4 weeks ago
And as in C you "turn on versioning", the old, unencrypted objects will be kept.
upvoted 2 times
...
...
LuckyAro
1 year, 10 months ago
Selected Answer: B
https://spin.atomicobject.com/2020/09/15/aws-s3-encrypt-existing-objects/
upvoted 2 times
...
Aninina
1 year, 10 months ago
Selected Answer: C
C is the answer
upvoted 2 times
pentium75
10 months, 4 weeks ago
Why? This does not include a step to encrypt existing objects, and by turning on versioning you will keep the unencrypted versions forever.
upvoted 1 times
...
...
techhb
1 year, 10 months ago
Selected Answer: B
Agree with Parsons
upvoted 2 times
...
Lilibell
1 year, 10 months ago
the answer is C also, the questions require future encryption of the objects is the S3 bucket = VERSIONING
upvoted 1 times
pentium75
10 months, 4 weeks ago
Huh? "future encryption of objects = versioning"??????
upvoted 1 times
...
pentium75
10 months, 4 weeks ago
Actually it's the opposite. Versioning will keep the unencrypted objects as previous versions, even if you encrypt them.
upvoted 2 times
...
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel