Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam SAA-C03 Topic 14 Question 24 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 24
Topic #: 14
[All SAA-C03 Questions]

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and the MOST operationally efferent?

Show Suggested Answer Hide Answer
Suggested Answer: A

A) How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


Contribute your Thoughts:

Galen
2 days ago
I'm just glad I don't have to remember to rotate the keys myself. Imagine if they made us do that by carrier pigeon or something. Technology, FTW!
upvoted 0 times
...
Leah
3 days ago
Wow, these compliance requirements are tougher than my in-laws' expectations. Good thing AWS has solutions to make our lives easier!
upvoted 0 times
...
Penney
5 days ago
Definitely option D. Who wants to remember to rotate the keys manually every year? AWS KMS with automatic rotation is the way to go. Less headaches, more security.
upvoted 0 times
...
Janessa
6 days ago
Hmm, SSE-KMS with manual key rotation? That sounds like a lot of manual work. I'd rather have the system handle it automatically if possible.
upvoted 0 times
...
Colton
18 days ago
I'd go with option D. Automatic key rotation takes care of the yearly requirement, and the logging feature ensures auditability. Seems like the most operationally efficient choice.
upvoted 0 times
Desmond
15 hours ago
User1: Option D sounds like the best choice. Automatic key rotation and logging for auditing purposes.
upvoted 0 times
...
...
Alishia
20 days ago
SSE-KMS with automatic key rotation sounds like the perfect solution to meet the compliance requirements and minimize operational overhead. Logging the encryption key usage for auditing is a great feature too.
upvoted 0 times
...
Quentin
21 days ago
But wouldn't manual rotation give us more control over the encryption keys and auditing purposes?
upvoted 0 times
...
Hoa
22 days ago
I disagree, I believe D) Server-side encryption with AWS KMS customer master keys with automated rotation is more operationally efficient.
upvoted 0 times
...
Quentin
27 days ago
I think the best solution is C) Server-side encryption with AWS KMS customer master keys with manual rotation.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77