Crucial Exams

AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company is required to enforce strict access policies regarding the management of its encryption keys used to secure sensitive data at rest on Amazon S3. Which of the following is the BEST method to ensure that only a select group of senior security personnel can administer the keys?

  • Encapsulate the encryption keys using an additional layer of encryption with a separate master key.

  • Use AWS managed keys for S3 and rely on default encryption features to restrict key administration.

  • Implement automatic key rotation every three months for the encryption keys.

  • Create a Customer Managed Key in AWS KMS and restrict access to a specific IAM group assigned to the senior security personnel.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot