AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A company utilizes Amazon S3 to store sensitive customer data. They are required by compliance regulations to encrypt their data at rest. Which of the following options adheres to security best practices for managing encryption keys for this scenario?

  • Store the encryption keys in the same Amazon S3 bucket as the data, using a dedicated directory for keys.

  • Implement AWS Certificate Manager (ACM) to create and manage encryption keys used for Amazon S3 server-side encryption.

  • Use AWS Secrets Manager to create and manage encryption keys for Amazon S3 data encryption.

  • Use AWS Key Management Service (KMS) with customer-managed keys (CMKs) and enable automatic key rotation.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot