CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company utilizes Amazon S3 to store sensitive customer data. They are required by compliance regulations to encrypt their data at rest. Which of the following options adheres to security best practices for managing encryption keys for this scenario?

  • Implement AWS Certificate Manager (ACM) to create and manage encryption keys used for Amazon S3 server-side encryption.

  • Store the encryption keys in the same Amazon S3 bucket as the data, using a dedicated directory for keys.

  • Use AWS Secrets Manager to create and manage encryption keys for Amazon S3 data encryption.

  • Use AWS Key Management Service (KMS) with customer-managed keys (CMKs) and enable automatic key rotation.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures