Exam DVA-C02 Topic 3 Question 474 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 474
Topic #: 3
A healthcare company uses AWS Amplify to host a patient management system. The system uses Amazon API Gateway to expose RESTful APIs. The backend logic of the system is handled by AWS Lambda functions.
One of the Lambda functions receives patient data that includes personally identifiable information (PII). The Lambda function sends the patient data to an Amazon DynamoDB table. The company must encrypt all patient data at rest and in transit before the data is stored in DynamoDB.

Suggested Answer: A

Comprehensive Detailed Explanation with all AWS References
* Why Option A is Correct: Encrypting PII at rest and in transit before storing it in DynamoDB ensures end-to-end security. Using the AWS Database Encryption SDK with KMS keys allows the Lambda function to encrypt data before transmission, meeting security and compliance requirements.
* Why Other Options are Incorrect:
  * Option B: While AWS-managed KMS keys encrypt DynamoDB data at rest, they do not encrypt data in transit.
  * Option C: DynamoDB streams process updates after the data is written to the table, failing to encrypt PII in transit.
  * Option D: Step Functions and SQS add unnecessary complexity and still require encryption logic for both transit and at rest.
* AWS Documentation References:
  * Encrypting Data in DynamoDB
  * AWS Database Encryption SDK

by Lance at Nov 07, 2025, 11:11 PM
