AWS Solutions Architect - Associate

Domain 1: Design Secure Architectures

Practice questions for secure architecture design in AWS

Question 1

A company is storing sensitive data in an Amazon S3 bucket. The company needs to protect the data using encryption. Which of the following is the MOST secure encryption option?

Correct Answer: Client-Side Encryption with Customer Managed Keys

Explanation: Client-Side Encryption with Customer Managed Keys provides the highest level of control over the encryption keys, as the customer manages and maintains the keys completely outside of AWS.

Question 2

A solutions architect is designing a solution that will securely store personally identifiable information (PII) in an Amazon DynamoDB table. What is the MOST secure approach to encrypt this data?

Correct Answer: Use DynamoDB with AWS KMS client-side encryption

Explanation: Using DynamoDB with AWS KMS client-side encryption allows you to encrypt the data before it leaves the client and before it's stored in DynamoDB, providing end-to-end encryption for sensitive data like PII.

Question 3

A solutions architect needs to design a solution to protect data in transit for an application that runs on Amazon EC2 instances. Which AWS service or feature should be used?

Correct Answer: AWS Certificate Manager (ACM)

Explanation: AWS Certificate Manager (ACM) provides SSL/TLS certificates for securing communications between clients and your website or application, protecting data in transit.