exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 330 discussion

A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.

What should a solutions architect do to meet this requirement?

  • A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
  • B. Create an encryption key. Store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
  • C. Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
  • D. Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
awsgeek75
5 months, 3 weeks ago
Selected Answer: A
A: Enable encryption B: KMS is for storage and doesn't directly integrate to DB without further work C and D are for data encryption in transit not at rest
upvoted 3 times
awsgeek75
5 months, 1 week ago
Actually, D is total nonsense and no idea what it is saying
upvoted 1 times
...
...
robpalacios1
7 months ago
Selected Answer: A
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt. Key Management Service. Secrets Manager is for database connection strings. upvoted 3 times
upvoted 4 times
...
antropaws
1 year ago
OK, but why not B???
upvoted 1 times
aaroncelestin
10 months ago
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt. Secrets Manager stores actual secrets like passwords, pass phrases, and anything else you want encrypted. SM uses KMS to encrypt its secrets, it would be circular to get an encryption key from KMS to use SM to encrypt the encryption key.
upvoted 5 times
...
...
SkyZeroZx
1 year, 1 month ago
Selected Answer: A
ANSWER - A
upvoted 1 times
...
datz
1 year, 3 months ago
Selected Answer: A
A for sure
upvoted 2 times
...
PRASAD180
1 year, 3 months ago
A is 100% Crt
upvoted 2 times
...
Steve_4542636
1 year, 3 months ago
Selected Answer: A
Key Management Service. Secrets Manager is for database connection strings.
upvoted 4 times
...
LuckyAro
1 year, 4 months ago
Selected Answer: A
A is the correct solution to meet the requirement of encrypting the data at rest. To encrypt data at rest in Amazon RDS, you can use the encryption feature of Amazon RDS, which uses AWS Key Management Service (AWS KMS). With this feature, Amazon RDS encrypts each database instance with a unique key. This key is stored securely by AWS KMS. You can manage your own keys or use the default AWS-managed keys. When you enable encryption for a DB instance, Amazon RDS encrypts the underlying storage, including the automated backups, read replicas, and snapshots.
upvoted 4 times
...
bdp123
1 year, 4 months ago
Selected Answer: A
AWS Key Management Service (KMS) is used to manage the keys used to encrypt and decrypt the data.
upvoted 2 times
...
pbpally
1 year, 4 months ago
Selected Answer: A
Option A
upvoted 2 times
...
NolaHOla
1 year, 4 months ago
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances is the correct answer to encrypt the data at rest in Amazon RDS DB instances. Amazon RDS provides multiple options for encrypting data at rest. AWS Key Management Service (KMS) is used to manage the keys used to encrypt and decrypt the data. Therefore, a solution architect should create a key in AWS KMS and enable encryption for the DB instances to encrypt the data at rest.
upvoted 2 times
...
jennyka76
1 year, 4 months ago
ANSWER - A https://docs.aws.amazon.com/whitepapers/latest/efs-encrypted-file-systems/managing-keys.html
upvoted 2 times
...
Bhawesh
1 year, 4 months ago
Selected Answer: A
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances. https://www.examtopics.com/discussions/amazon/view/80753-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago