New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAA-C03 Exam - Topic 6 Question 30 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 30
Topic #: 6
[All SAA-C03 Questions]

A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon Elastic Block Store (Amazon EBS) volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

A: How do you protect your data in transit?

Best Practices:

Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

Enforce encryption in transit: Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

Automate detection of unintended data access: Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

Authenticate network communications: Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

https://wa.aws.amazon.com/wat.question.SEC_9.en.html


by Cecil at Mar 10, 2024, 03:54 AM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Coleen
3 months ago
C is the way to go, it covers all the encryption needs!
upvoted 0 times
...
Wai
3 months ago
Definitely not B, using the root account for everything is a bad idea.
upvoted 0 times
...
Blair
3 months ago
Wait, can you really use the root account for that? Seems risky!
upvoted 0 times
...
Anjelica
4 months ago
I think A is better for using ACM with the ALB.
upvoted 0 times
...
Nina
4 months ago
Option C sounds right, KMS for EBS and Aurora is a solid choice.
upvoted 0 times
...
Timothy
4 months ago
I vaguely recall that BitLocker is more for Windows environments, so option D might not be the best fit for AWS.
upvoted 0 times
...
Danilo
4 months ago
I feel like option B is definitely wrong; using the root account for everything seems risky and not best practice.
upvoted 0 times
...
Kimbery
4 months ago
I'm not entirely sure, but I remember something about using ACM for certificates. Is that in option A or C?
upvoted 0 times
...
Jean
5 months ago
I think option C sounds familiar because we discussed using AWS KMS for EBS and Aurora encryption in class.
upvoted 0 times
...
Allene
5 months ago
I'm not sure about using the root account to turn on encryption for the whole account. That doesn't seem like the most secure or recommended approach. I'll focus on the individual service-level encryption options.
upvoted 0 times
...
Daryl
5 months ago
Option A looks good to me. Using KMS and ACM to handle the encryption requirements seems like a reliable and integrated solution. I'll make sure I understand how those services work together.
upvoted 0 times
...
Darnell
5 months ago
Hmm, I'm a bit confused about the different encryption options here. I'll need to review the details of AWS KMS, ACM, and how they work with the various AWS services mentioned in the question.
upvoted 0 times
...
Darrin
5 months ago
This seems like a straightforward encryption question. I think option C is the best approach - using AWS KMS to encrypt the EBS volumes and Aurora database, and ACM for the ALB certificate.
upvoted 0 times
...
Hubert
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully examine the exhibit and the answer choices to determine which statement is false.
upvoted 0 times
...
Filiberto
5 months ago
Wait, what's the difference between ASR and TTS? I'm a little fuzzy on the details there. Let me review my notes quickly.
upvoted 0 times
...
Mitsue
5 months ago
This question feels similar to one we did in practice about functionality in services. I think it's "orchestrated task", but I'm not entirely certain.
upvoted 0 times
...
Mica
5 months ago
I'm a bit confused here. Does the user need full access (read, write, and execute) on both folders to be able to compare the mappings? Or is read permission alone sufficient?
upvoted 0 times
...
Dominga
5 months ago
I practiced a similar question on Aviatrix's features last week, and I'm leaning towards D, the AWS TGW Orchestrator. It just seems to fit.
upvoted 0 times
...
Cristal
9 months ago
Haha, nice try with the BitLocker option, but I don't think that's gonna fly in an AWS environment. C is the clear winner here.
upvoted 0 times
...
Chauncey
10 months ago
BitLocker? Really? That's a Windows feature, not an AWS solution. I think option C is the way to go.
upvoted 0 times
Amber
8 months ago
Option C: Use AWS Key Management Service (KMS) to manage encryption keys for the Amazon EBS volumes and the Amazon Aurora database.
upvoted 0 times
...
Amina
8 months ago
Option B: Use AWS Key Management Service (KMS) to manage encryption keys for the Amazon Aurora database.
upvoted 0 times
...
Geoffrey
9 months ago
Option A: Use BitLocker to encrypt the data on the Amazon EBS volumes.
upvoted 0 times
...
...
Dorothea
10 months ago
I'm not sure using the root account is a good idea. It's generally recommended to use IAM users for this kind of task.
upvoted 0 times
Laine
9 months ago
Configure SSL/TLS for the ALB to encrypt data in transit.
upvoted 0 times
...
Javier
9 months ago
Create an IAM role with the necessary permissions for the EC2 instances to access the encrypted data.
upvoted 0 times
...
Erick
9 months ago
Use AWS Key Management Service (KMS) to encrypt the Amazon EBS volumes and the Amazon Aurora database.
upvoted 0 times
...
...
Hillary
10 months ago
Option C looks like the right choice here. It covers the encryption requirements for both data at rest and in transit.
upvoted 0 times
Wai
9 months ago
User 3: Yeah, I agree with Wai. Option C seems to be the most comprehensive solution for the encryption requirements.
upvoted 0 times
...
Kiley
9 months ago
User 2: Option C covers both data at rest and in transit encryption, so it seems like the best choice.
upvoted 0 times
...
Paris
9 months ago
User 1: I think Option A could work too, it mentions encryption for data at rest.
upvoted 0 times
...
...
Anabel
11 months ago
I'm not sure about option A. I think option C could also work by using AWS KMS to encrypt data at rest and attaching an ACM certificate to the ALB for data in transit.
upvoted 0 times
...
Arlette
11 months ago
I agree with Leeann. Option A seems to be the most secure and straightforward way to meet the encryption requirements.
upvoted 0 times
...
Leeann
11 months ago
I think option A is the best solution. Using AWS KMS certificates on the ALB for data in transit and ACM for data at rest makes sense.
upvoted 0 times
...

Save Cancel