AWS SAP-C02 · Question 68 · Domain 2.3: Security Controls
A company is designing a multi-tenant SaaS application on AWS. They need to isolate the data of each tenant. The application uses Amazon DynamoDB. Some tenants have very strict compliance requirements and demand that their data is encrypted with their own KMS key. Other tenants are fine with standard encryption. What is the MOST scalable way to design the DynamoDB architecture?
Answer options:
Use a single DynamoDB table for all tenants. Encrypt the table with an AWS Managed Key.
Use a single DynamoDB table for all tenants. Implement client-side encryption in the application using each tenant's KMS key before writing to DynamoDB.
Create a separate DynamoDB table for every single tenant and encrypt each with their own KMS key.
Use a single DynamoDB table and configure item-level KMS encryption natively in DynamoDB.
75 questions · hints · full answers · grading
Expert