SAA-C03 Question #224: Real Exam Question with Answer & Explanation

Question

A healthcare company is developing an AWS Lambda function that publishes notifications to an encrypted Amazon Simple Notification Service (Amazon SNS) topic. The notifications contain protected health information (PHI). The SNS topic uses AWS Key Management Service (AWS KMS) customer-managed keys for encryption. The company must ensure that the application has the necessary permissions to publish messages securely to the SNS topic. Which combination of steps will meet these requirements? (Select THREE.)

Options

• AResource policy for SNS topic:Ensures that the Lambda function is explicitly allowed to publish
• BUse server-side encryption with AWS KMS keys (SSE-KMS) for the SNS topic instead of
• CResource policy for KMS key:Provides the necessary permissions to use the customer-
• DSpecify the Lambda function's Amazon Resource Name (ARN) in the SNS topic's resourcepolicy.
• EAssociate an Amazon API Gateway HTTP API with the SNS topic to control access to the topic
• FLambda execution role:Grants the Lambda function the necessary IAM permissions to use the

Explanation

To securely publish messages to an encrypted Amazon SNS topic, the following steps are messages to the topic. managed key for encryption. Bis invalid because using SSE-KMS does not eliminate the need for resource policies. Doverlaps with A, but specifying the ARN in the topic policy is covered by creating the resource policy. Eis unrelated as API Gateway is not required for this setup.

No community discussion yet for this question.