For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice AWS Solutions Architect Associate (SAA-C03)AWS SAA-C03 Practice Exam 2Question 03

Medium1 markMultiple Choice

Domain 1.3: Data SecurityDomain 1SecurityKMSS3

AWS SAA-C03 · Question 03 · Domain 1.3: Data Security

A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires that the data is encrypted at rest using keys managed by the company, and that all API calls to the keys are logged. Which TWO actions should a solutions architect take? (Select TWO.)

Answer options:

A.

Use Amazon S3 managed keys (SSE-S3).

B.

Use AWS KMS Customer Managed Keys (CMKs).

C.

Enable AWS CloudTrail to log KMS API calls.

D.

Use AWS Secrets Manager to store the encryption keys.

E.

Enable Amazon Macie to log key usage.

How to approach this question

Identify the key management service and logging service.

Full Answer

Use AWS KMS Customer Managed Keys (CMKs) for S3 encryption. Enable AWS CloudTrail to log KMS API calls.

AWS KMS CMKs provide customer control over encryption keys. CloudTrail logs all API requests to KMS.

Common mistakes

Selecting SSE-S3 which doesn't provide customer control over the keys.

Question 02 All questions Question 04

Practice the full AWS SAA-C03 Practice Exam 2

65 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...Easy Q02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...Easy Q04An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different...Hard Q05A company needs to store database credentials securely. The credentials must be automatically rot...Medium Q06A solutions architect needs to implement a threat detection service that continuously monitors fo...Easy

View all 65 questions →