Amazon Exam SAA-C03 Topic 14 Question 24 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 24
Topic #: 14

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and the MOST operationally efferent?

AServer-side encryption with customer-provided keys (SSE-C)

BServer-side encryption with Amazon S3 managed keys (SSE-S3)

CServer-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation

DServer-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Show Suggested Answer

Suggested Answer: A

A) How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html

by Elli at Oct 22, 2023, 04:37 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF