Exam DVA-C02 Topic 3 Question 181 Discussion

Actual exam question for Amazon's DVA-C02 exam
Question #: 181
Topic #: 3
A developer needs to use Amazon DynamoDB to store customer orders. The developer's company requires all customer data to be encrypted at rest with a key that the company generates.
What should the developer do to meet these requirements?

Suggested Answer: B Vote an answer

Requirement Summary:
* Storecustomer ordersin DynamoDB
* Must encrypt data at rest
* Company wants to use akey it generates(i.e., customer managed key)
Evaluate Options:
A: Set encryption to None, manually encrypt/decrypt in code
* #Overhead and error-prone
* Alsonon-compliantwith AWS encryption best practices
#B. Use customer managed KMS key
* #Exactly meets the requirement: customer generates and controls the key
* During table creation, you can specify aKMS CMK ARN
C: Default encryption + kms:Encrypt in SDK
* #Misunderstanding: DynamoDB handles encryptionautomatically
* You don't need to call kms:Encrypt manually in SDK
D: Use AWS managed key
* #Does not meet the requirement of usingcustom company-generated key
* DynamoDB encryption: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
* KMS customer managed keys: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk

by Emmanuel at Dec 25, 2025, 03:35 PM

Limited Time Offer

15%

Off

Get Premium DVA-C02 Questions as Interactive Self Test Engine or PDF

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
0
0
0
10