ExpertMedium1 markMultiple Choice
AWS SAA-C03 · Question 18 · Domain 1.3: Data Security
A company is migrating a NoSQL database to Amazon DynamoDB. The security team mandates that all data must be encrypted at rest using an AWS managed key. How should the solutions architect configure this?
A company is migrating a NoSQL database to Amazon DynamoDB. The security team mandates that all data must be encrypted at rest using an AWS managed key. How should the solutions architect configure this?
Answer options:
A.
Enable encryption in the DynamoDB console during table creation.
B.
Do nothing. DynamoDB encrypts all data at rest by default.
C.
Use a Lambda function to encrypt data before writing to DynamoDB.
D.
Store the data in S3 instead, as DynamoDB does not support encryption at rest.
How to approach this question
Recall DynamoDB's default encryption behavior.
Full Answer
B.Do nothing. DynamoDB encrypts all data at rest by default.✓ Correct
Do nothing. DynamoDB encrypts all data at rest by default using an AWS owned key.
Amazon DynamoDB encrypts all user data at rest by default. You can choose between an AWS owned key (default), AWS managed key, or customer managed key.
Common mistakes
Thinking encryption must be manually enabled for DynamoDB.
Practice the full AWS SAA-C03 Practice Exam 2
65 questions · hints · full answers · grading
More questions from this exam
Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...EasyQ02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...EasyQ03A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires tha...MediumQ04An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different...HardQ05A company needs to store database credentials securely. The credentials must be automatically rot...Medium