nerdexam
Amazon

DVA-C02 · Question #97

A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function. How should the d

The correct answer is B. Set up the Lambda function with a role and key policy to access an AWS KMS key. Use the key. The most secure and AWS-recommended approach is to use AWS KMS to generate a data key, then use that key to encrypt the data before writing to /tmp in the Lambda function. This ensures that the data is protected with KMS-managed encryption while maintaining high performance and c

Submitted by priya_blr· Mar 5, 2026Development with AWS Services

Question

A developer is building a highly secure healthcare application using serverless components. This application requires writing temporary data to /tmp storage on an AWS Lambda function. How should the developer encrypt this data?

Options

  • AEnable Amazon EBS volume encryption with an AWS KMS key in the Lambda function
  • BSet up the Lambda function with a role and key policy to access an AWS KMS key. Use the key
  • CUse OpenSSL to generate a symmetric encryption key on Lambda startup. Use this key to
  • DUse an on-premises hardware security module (HSM) to generate keys, where the Lambda

How the community answered

(55 responses)
  • A
    4% (2)
  • B
    76% (42)
  • C
    5% (3)
  • D
    15% (8)

Explanation

The most secure and AWS-recommended approach is to use AWS KMS to generate a data key, then use that key to encrypt the data before writing to /tmp in the Lambda function. This ensures that the data is protected with KMS-managed encryption while maintaining high performance and compliance with healthcare data requirements.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice