Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 330 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 330
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest.

What should a solutions architect do to meet this requirement?

  • A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances.
  • B. Create an encryption key. Store the key in AWS Secrets Manager. Use the key to encrypt the DB instances.
  • C. Generate a certificate in AWS Certificate Manager (ACM). Enable SSL/TLS on the DB instances by using the certificate.
  • D. Generate a certificate in AWS Identity and Access Management (IAM). Enable SSL/TLS on the DB instances by using the certificate.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Bhawesh at Feb. 17, 2023, 8:38 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
awsgeek75
6 months ago
Selected Answer: A
A: Enable encryption B: KMS is for storage and doesn't directly integrate to DB without further work C and D are for data encryption in transit not at rest
upvoted 2 times
awsgeek75
5 months, 2 weeks ago
Actually, D is total nonsense and no idea what it is saying
upvoted 1 times
...
...
robpalacios1
7 months, 2 weeks ago
Selected Answer: A
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt. Key Management Service. Secrets Manager is for database connection strings. upvoted 3 times
upvoted 3 times
...
antropaws
1 year, 1 month ago
OK, but why not B???
upvoted 1 times
aaroncelestin
10 months, 2 weeks ago
KMS only generates and manages encryption keys. That's it. That's all it does. It's a fundamental service that you as well as other AWS Services (like Secrets Manager) use it to encrypt or decrypt. Secrets Manager stores actual secrets like passwords, pass phrases, and anything else you want encrypted. SM uses KMS to encrypt its secrets, it would be circular to get an encryption key from KMS to use SM to encrypt the encryption key.
upvoted 4 times
...
...
SkyZeroZx
1 year, 2 months ago
Selected Answer: A
ANSWER - A
upvoted 1 times
...
datz
1 year, 3 months ago
Selected Answer: A
A for sure
upvoted 1 times
...
PRASAD180
1 year, 4 months ago
A is 100% Crt
upvoted 1 times
...
Steve_4542636
1 year, 4 months ago
Selected Answer: A
Key Management Service. Secrets Manager is for database connection strings.
upvoted 3 times
...
LuckyAro
1 year, 4 months ago
Selected Answer: A
A is the correct solution to meet the requirement of encrypting the data at rest. To encrypt data at rest in Amazon RDS, you can use the encryption feature of Amazon RDS, which uses AWS Key Management Service (AWS KMS). With this feature, Amazon RDS encrypts each database instance with a unique key. This key is stored securely by AWS KMS. You can manage your own keys or use the default AWS-managed keys. When you enable encryption for a DB instance, Amazon RDS encrypts the underlying storage, including the automated backups, read replicas, and snapshots.
upvoted 3 times
...
bdp123
1 year, 4 months ago
Selected Answer: A
AWS Key Management Service (KMS) is used to manage the keys used to encrypt and decrypt the data.
upvoted 1 times
...
pbpally
1 year, 4 months ago
Selected Answer: A
Option A
upvoted 1 times
...
NolaHOla
1 year, 4 months ago
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances is the correct answer to encrypt the data at rest in Amazon RDS DB instances. Amazon RDS provides multiple options for encrypting data at rest. AWS Key Management Service (KMS) is used to manage the keys used to encrypt and decrypt the data. Therefore, a solution architect should create a key in AWS KMS and enable encryption for the DB instances to encrypt the data at rest.
upvoted 1 times
...
jennyka76
1 year, 4 months ago
ANSWER - A https://docs.aws.amazon.com/whitepapers/latest/efs-encrypted-file-systems/managing-keys.html
upvoted 1 times
...
Bhawesh
1 year, 4 months ago
Selected Answer: A
A. Create a key in AWS Key Management Service (AWS KMS). Enable encryption for the DB instances. https://www.examtopics.com/discussions/amazon/view/80753-exam-aws-certified-solutions-architect-associate-saa-c02/
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours