Amazon SAA-C03 Exam - Topic 14 Question 24 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 24
Topic #: 14

A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and the MOST operationally efferent?

AServer-side encryption with customer-provided keys (SSE-C)

BServer-side encryption with Amazon S3 managed keys (SSE-S3)

CServer-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation

DServer-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Show Suggested Answer

Suggested Answer: A

A) How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html

by Elli at Oct 22, 2023, 04:37 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Felix

3 months ago

Definitely need logging for compliance, so SSE-KMS is the way to go!

upvoted 0 times

...

Andree

3 months ago

SSE-C requires more manual work, not efficient.

upvoted 0 times

...

Irving

3 months ago

Wait, can we really automate key rotation? That’s impressive!

upvoted 0 times

...

Avery

4 months ago

I think SSE-S3 is easier to manage though.

upvoted 0 times

...

Marylyn

4 months ago

SSE-KMS with automated rotation sounds solid!

upvoted 0 times

...

Shawnta

4 months ago

I’m leaning towards option D as well, but I wonder if there are any specific compliance requirements that might make one of the other options more suitable.

upvoted 0 times

...

Lajuana

4 months ago

I feel like I’ve seen a similar question before, and I think SSE-KMS is generally preferred for compliance, but I’m not sure if it was option C or D that had the automated rotation.

upvoted 0 times

...

Apolonia

4 months ago

I'm not entirely sure, but I remember something about SSE-C being less operationally efficient because of the need to manage keys manually.

upvoted 0 times

...

Taryn

5 months ago

I think option D is the best choice since it mentions automated key rotation, which sounds like it would save time and effort.

upvoted 0 times

...

Mike

5 months ago

I'm a little confused by the different encryption options. Can someone help me understand the differences between SSE-C, SSE-S3, and SSE-KMS? That might help me narrow down the best choice.

upvoted 0 times

...

Dean

5 months ago

I'm confident that option D is the best choice here. The question specifically asks for the most operationally efficient solution, and automatic key rotation with AWS KMS is the way to go.

upvoted 0 times

...

Gussie

5 months ago

Okay, let's think this through. We need encryption at rest, logging of key usage, and automatic key rotation. I'm leaning towards option D, which seems to meet all of those requirements.

upvoted 0 times

...

Willis

5 months ago

This one seems pretty straightforward. I think the key is to focus on the requirements around encryption, key usage logging, and automatic key rotation.

upvoted 0 times

...

Nobuko

5 months ago

Hmm, I'm a bit unsure about this one. The question mentions a few different encryption options, and I'm not sure which one would be the most operationally efficient.

upvoted 0 times

...

Dominga

5 months ago

I think the "with sharing" keyword in Apex classes is the way to go. That ensures record visibility is properly enforced.

upvoted 0 times

...

Elin

5 months ago

This seems like a classic specification-based testing scenario. Since the system is safety-critical, I'd probably go with State Transition Testing to ensure I cover all the possible state changes and transitions.

upvoted 0 times

...

Derrick

5 months ago

Okay, I've got a plan. I'll focus on the key requirements - the nonprofit wants to use the memberships feature. That means I need to look for an option that directly supports that, like creating a Membership Opportunity record type.

upvoted 0 times

...

Whitley

5 months ago

I remember practicing a question on this, and I think production planning was involved somehow.

upvoted 0 times

...

Galen

10 months ago

I'm just glad I don't have to remember to rotate the keys myself. Imagine if they made us do that by carrier pigeon or something. Technology, FTW!

upvoted 0 times

Honey

9 months ago

Exactly! Technology definitely makes our lives easier.

upvoted 0 times

...

Zona

9 months ago

That sounds like a lifesaver. No more manual key rotation for us!

upvoted 0 times

...

James

9 months ago

Use AWS Key Management Service (KMS) to manage encryption keys and enable key rotation

upvoted 0 times

...

Leah

10 months ago

Wow, these compliance requirements are tougher than my in-laws' expectations. Good thing AWS has solutions to make our lives easier!

upvoted 0 times

...

Penney

10 months ago

Definitely option D. Who wants to remember to rotate the keys manually every year? AWS KMS with automatic rotation is the way to go. Less headaches, more security.

upvoted 0 times

Leonida

9 months ago

AWS KMS with automatic rotation is a smart choice for ensuring data security and compliance with minimal effort.

upvoted 0 times

...

Edgar

9 months ago

It's important to have that extra layer of security and automation with AWS KMS for encryption keys.

upvoted 0 times

...

Noelia

10 months ago

Automatic rotation definitely makes it easier to stay compliant with key rotation requirements.

upvoted 0 times

...

Bong

10 months ago

I agree, option D with AWS KMS automatic rotation is the best choice for security and efficiency.

upvoted 0 times

...

Janessa

10 months ago

Hmm, SSE-KMS with manual key rotation? That sounds like a lot of manual work. I'd rather have the system handle it automatically if possible.

upvoted 0 times

...

Colton

11 months ago

I'd go with option D. Automatic key rotation takes care of the yearly requirement, and the logging feature ensures auditability. Seems like the most operationally efficient choice.

upvoted 0 times

Lavelle

9 months ago

User4: Logging the encryption key usage is crucial for compliance reasons.

upvoted 0 times

...

Bok

9 months ago

I agree, the logging feature for auditing purposes is also important.

upvoted 0 times

...

Daryl

9 months ago

Option D sounds like the best choice. Automatic key rotation is convenient.

upvoted 0 times

...

Loreta

9 months ago

User3: Automatic key rotation definitely simplifies the yearly requirement.

upvoted 0 times

...

Layla

10 months ago

User2: I agree, it seems like the most operationally efficient solution.

upvoted 0 times

...

Desmond

10 months ago

User1: Option D sounds like the best choice. Automatic key rotation and logging for auditing purposes.

upvoted 0 times

...

Alishia

11 months ago

SSE-KMS with automatic key rotation sounds like the perfect solution to meet the compliance requirements and minimize operational overhead. Logging the encryption key usage for auditing is a great feature too.

upvoted 0 times

...