Q39 — AWS SAA-C03 Ch.1
Question 39 of 65 | ← Chapter 1
Q39. A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.What should a solutions architect do to reduce the operational burden?
- A. Use multi-factor authentication (MFA) to protect the encryption keys
- B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys ✓
- C. Use AWS Certificate Manager (ACM) to create, store and assign the encryption keys
- D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys
Correct Answer: B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
Explanation
To reduce the operational burden of managing encryption keys, the solutions architect should use AWS Key Management Service (AWS KMS). AWS KMS is a managed service that simplifies the creation and management of encryption keys. It provides secure storage for the keys and integrates seamlessly with other AWS services. With AWS KMS, developers can easily generate and manage encryption keys without having to worry about the underlying infrastructure or operational tasks such as hardware provisioning, patching, or scaling. AWS KMS also provides features like automatic key rotation, audit logging, and integration with AWS Identity and Access Management (IAM) for fine-grained access control.