SCS-C03 · Question #109
SCS-C03 Question #109: Real Exam Question with Answer & Explanation
The correct answer is C: Use the DynamoDB Encryption Client. Use client-side encryption. Sign the table items.. The DynamoDB Encryption Client provides end-to-end data protection by encrypting data on the client side before it is stored in DynamoDB and decrypting it when retrieved. This ensures that sensitive data remains protected both at rest and in transit. Additionally, the client allo
Question
A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. The company needs to implement a solution that provides end-to-end data protection and the ability to detect unauthorized data changes. Which solution will meet these requirements?
Options
- AUse an AWS Key Management Service (AWS KMS) customer managed key. Encrypt the data at
- BUse AWS Private Certificate Authority. Encrypt the data in transit.
- CUse the DynamoDB Encryption Client. Use client-side encryption. Sign the table items.
- DUse the AWS Encryption SDK. Use client-side encryption. Sign the table items.
Explanation
The DynamoDB Encryption Client provides end-to-end data protection by encrypting data on the client side before it is stored in DynamoDB and decrypting it when retrieved. This ensures that sensitive data remains protected both at rest and in transit. Additionally, the client allows you to digitally sign items, which provides integrity verification and enables detection of unauthorized changes to the data.
Community Discussion
No community discussion yet for this question.