nerdexam
Amazon

DVA-C02 · Question #371

A developer is publishing critical log data to a log group in Amazon CloudWatch Logs. The log group was created 2 months ago. The developer must encrypt the log data by using an AWS Key Management Ser

The correct answer is D. Use the AWS CLI aws logs associate-kms-key command, and specify the key Amazon Resource. https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html

Submitted by devops_kid· Mar 5, 2026Security

Question

A developer is publishing critical log data to a log group in Amazon CloudWatch Logs. The log group was created 2 months ago. The developer must encrypt the log data by using an AWS Key Management Service (AWS KMS) key so that future data can be encrypted to comply with the company's security policy. Which solution will meet this requirement with the LEAST effort?

Options

  • AUse the AWS Encryption SDK for encryption and decryption of the data before writing to the log
  • BUse the AWS KMS console to associate the KMS key with the log group.
  • CUse the AWS CLI aws logs create-log-group command, and specify the key Amazon Resource
  • DUse the AWS CLI aws logs associate-kms-key command, and specify the key Amazon Resource

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    16% (4)
  • C
    8% (2)
  • D
    72% (18)

Explanation

https://docs.aws.amazon.com/cli/latest/reference/logs/associate-kms-key.html

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice