Question 1

A company wants to store sensitive documents in Amazon S3. The security policy requires that the data is encrypted at rest. The company wants AWS to manage the encryption keys, but they also need an audit trail showing when the keys were used and by whom. Which TWO encryption options meet these requirements? (Select TWO.)

Accepted Answer

Identify that an audit trail for key usage requires AWS KMS (SSE-KMS). Both AWS managed and Customer managed keys in KMS provide CloudTrail logging.

Question 2

What mistakes do candidates make on this AWS SAA-C03 question?

Accepted Answer

Choosing SSE-S3, which encrypts the data but does not provide a separate audit trail for key usage.

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 1

More questions from this exam