Encrypting Data at Rest in DynamoDB | KindleYou Messaging App | AWS Certified Big Data - Specialty

Encrypt CustomerProfile Table in DynamoDB

Question

KindleYou is a multimedia company running a messaging app.

One of the principal features of QuickDialog is that pictures and messages are usually only available for a short time before they become inaccessible to users.

The app has evolved from originally centering on person-to-person photo sharing to presenting users' "Stories" of 24 hours of sequential content, along with "Discover", which allows brands to show ad-supported short-form media.

They use DynamoDB to support the mobile application and S3 to host the images and other documents shared between users.

KindleYou has a large customer base spread across multiple geographic areas.

Customers need to update their profile information while using the application.

KindleYou wants to ensure that the data in the CustomerProfile table is encrypted at rest.

How is it possible? Select 5 options.

Answers

Explanations


A. B. C. D. E. F. G.

Answer: A,B,C,E,H.

Option A is correct.

Amazon DynamoDB encryption at rest encrypts your data using 256-bit Advanced Encryption Standard (AES-256), which helps secure your data from unauthorized access to the underlying storage.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option B is correct.

Encryption at rest integrates with AWS Key Management Service (AWS KMS) for managing the encryption key that is used to encrypt your tables.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option C is correct.

AWS owned CMK: the default encryption type. The key is owned by DynamoDB.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option D is incorrect.

AWS managed CMK: the key is stored in your account and is managed by AWS KMS.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option E is correct.

The key is stored in your account and is managed by AWS KMS.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option F is incorrect.

The key is owned by DynamoDB.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option G is incorrect.

You can audit the encryption and decryption of your DynamoDB table by examining the DynamoDB API calls to AWS KMS using AWS CloudTrail.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

Option H is correct.

You can audit the encryption and decryption of your DynamoDB table by examining the DynamoDB API calls to AWS KMS using AWS CloudTrail.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.howitworks.html

To encrypt the data in the CustomerProfile table in DynamoDB, KindleYou can use AWS Key Management Service (AWS KMS) integrated with DynamoDB's encryption at rest feature. This will encrypt the data in the table using 256-bit Advanced Encryption Standard to secure the data from unauthorized access to the underlying storage.

The following options are correct:

A. Encrypts the data in the table using 256-bit Advanced Encryption Standard to secure the data from unauthorized access to the underlying storage.

B. Encryption at rest integrates with AWS Key Management Service (AWS KMS) for managing the encryption key that is used to encrypt your table. This means that KindleYou can use AWS KMS to generate, manage, and rotate the encryption keys that are used to encrypt the table. AWS KMS offers centralized key management and auditing capabilities, which can simplify key management for KindleYou.

C. and D. DynamoDB supports two types of customer-managed customer master keys (CMKs): AWS owned CMK and AWS managed CMK. AWS owned CMK is managed by AWS and is used to encrypt data in DynamoDB. KindleYou can't use AWS owned CMK to encrypt data in their own tables. In this case, KindleYou needs to use AWS managed CMK to encrypt the CustomerProfile table.

E. and F. AWS managed CMK is managed by AWS KMS. AWS owned CMK is owned and managed by AWS. AWS KMS makes it easy for KindleYou to create and manage CMKs.

G. and H. AWS CloudTrail can be used to audit encryption and decryption of data using both AWS owned CMK and AWS managed CMK. This will enable KindleYou to track and audit all activity related to encryption and decryption of data in the table, including who performed the operation, when it occurred, and what resources were involved.

In summary, to encrypt data in the CustomerProfile table in DynamoDB, KindleYou can use the encryption at rest feature integrated with AWS KMS, and use an AWS managed CMK to encrypt the table. AWS CloudTrail can be used to audit encryption and decryption of data.
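The two checks this explanation relies on, as an added Python example that is not part of the original page or of AWS's code: classifying a table's key type from a `DescribeTable` response, and picking out the CloudTrail records of KMS calls tied to the table through the `aws:dynamodb:tableName` encryption context. The table, key ARN and events are constructed sample data, the function names are hypothetical, and the `AWS_OWNED` branch assumes `DescribeTable` returns no enabled `SSEDescription` for the default key.

```python
# Added example. All sample data below is constructed; no AWS calls are made.
TABLE_CTX = "aws:dynamodb:tableName"  # encryption-context key DynamoDB sends to KMS

SAMPLE_TABLE = {"TableName": "CustomerProfile", "SSEDescription": {
    "Status": "ENABLED", "SSEType": "KMS",
    "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}


def _event(time, source, name, invoked_by, table):
    """Build one constructed CloudTrail-style record."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example",
                             "invokedBy": invoked_by},
            "requestParameters": {"encryptionContext": {TABLE_CTX: table}}}


SAMPLE_EVENTS = [
    _event("2024-01-01T10:00:00Z", "kms.amazonaws.com", "Decrypt",
           "dynamodb.amazonaws.com", "CustomerProfile"),
    _event("2024-01-01T10:05:00Z", "kms.amazonaws.com", "Decrypt",
           "dynamodb.amazonaws.com", "Orders"),
    _event("2024-01-01T10:07:00Z", "kms.amazonaws.com", "Decrypt",
           None, "CustomerProfile"),  # same context, but not called via DynamoDB
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "DescribeTable", "requestParameters": None},
]


def sse_key_type(table, key_metadata=None):
    """Classify a DescribeTable 'Table' dict; key_metadata is the KMS
    DescribeKey 'KeyMetadata' dict for SSEDescription.KMSMasterKeyArn."""
    sse = table.get("SSEDescription") or {}
    if sse.get("SSEType") != "KMS" or sse.get("Status") not in ("ENABLED", "UPDATING"):
        return "AWS_OWNED"        # assumption: default key, nothing in the account
    if key_metadata is None:
        return "KMS_UNRESOLVED"   # a KMS key is in use but has not been looked up
    return "AWS_MANAGED" if key_metadata.get("KeyManager") == "AWS" else "CUSTOMER_MANAGED"


def kms_calls_for_table(events, table_name):
    """Return (time, eventName, via_dynamodb) for KMS calls carrying the table's context."""
    hits = []
    for ev in events:
        ctx = (ev.get("requestParameters") or {}).get("encryptionContext") or {}
        if ev.get("eventSource") != "kms.amazonaws.com" or ctx.get(TABLE_CTX) != table_name:
            continue
        invoked_by = (ev.get("userIdentity") or {}).get("invokedBy")
        hits.append((ev["eventTime"], ev["eventName"], invoked_by == "dynamodb.amazonaws.com"))
    return sorted(hits)
```

A record that carries the table's encryption context but was not invoked through DynamoDB (the third sample event) is the kind of entry worth reviewing during an audit.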