Crucial Exams

AWS Certified Developer Associate DVA-C02 Practice Question

A company is storing sensitive documents in an Amazon S3 bucket and wants to implement a solution where the development team can upload encrypted files without managing the encryption keys directly. The encryption should allow the use of different keys for each S3 object and enable the automatic rotation of those keys. Which of the following should the development team implement to meet these requirements?

  • Enable Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) and schedule an AWS Lambda function to rotate the keys regularly.

  • Utilize AWS Secrets Manager to generate data keys for S3 object encryption and configure automatic rotation.

  • Implement Server-Side Encryption with Customer Provided Keys (SSE-C) and manage key rotation using a cron job on an EC2 instance.

  • Apply an S3 Bucket Policy that requires uploads to be encrypted with a specific AWS KMS Customer Master Key (CMK) without enabling key rotation.

  • Store and manage encryption keys in AWS CloudHSM and manually rotate the keys by creating new HSM-backed keys when required.

  • Use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) and enable automatic key rotation.

AWS Certified Developer Associate DVA-C02
Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot