Q51 — AWS DVA-C02 Ch.2

Question 51 of 100 | ← Chapter 2

A developer needs to use Amazon DynamoDB to store customer orders. The company requires static encryption of all customer data using a company-generated key. What should the developer do to meet these requirements?

Correct Answer: B. Use AWS Key Management Service (AWS KMS) to store the key. During DynamoDB table creation, select an AWS KMS customer-managed key and provide the Amazon Resource Name (ARN) of the AWS KMS key.

Explanation

Option B is correct. To meet the requirement of using a company-generated key for static encryption of customer data in DynamoDB, AWS Key Management Service (AWS KMS) must be used to store the key. During DynamoDB table creation, selecting an AWS KMS customer-managed key and providing its ARN ensures that customer data is encrypted at rest using the specified key, satisfying the company’s requirement. Option A does not leverage native DynamoDB encryption. Option C’s default encryption may not use the required company-generated key. Option D uses an AWS-managed key, not a customer-managed key, violating the requirement to use a company-generated key. 【Lantern Certification provided by: swufelp1999】