This certification preparation material would help you in getting the jobs in the AWS Fields

AWS Developer Certification : Associate Level AWS Sysops Administrator Certification : Assciate Level AWS Solution Architect Certification : Associate Level AWS Soltion Architect : Professional Level AWS Certified Security Specialty (SCS-C01) AWS Professional certification Exam AWS Certified Big Data – Specialty (BDS-C00) AWS Certified Machine Learning MLS C01 Certification Prepration Materal AWS Solution Architect : Training Associate AWS Advanced Networking Certifications AWS Exam Prepare : Kinesis Data Stream Book : AWS Solution Architect Associate : Little Guide AWS Security Specialization Certification: Little Guide SCS-C01 AWS Package Deal

While applying to the Job you need to mention referred by : | or Website :


Question 11: You have been working with data which is quite sensitive and you use AWS S3 bucket to store that data with the encrypted version. Also you want to make sure who can encrypt and decrypt data with highly granular level of access control also same data needs to be uploaded in Redshift cluster in encrypted form. Which of the below approach is more suitable in this requirement.

  1. You will be using single AWS managed CMK to encrypt and decrypt the data as well as attach key policies for granular control.
  2. You will be using two separate AWS managed CMK one for S3 and other one for Redshift cluster and attach key policy to the keys for granular level of access control.
  3. You will be using single Customer managed CMK for encrypt and decrypt the data.
  4. You will be using AWS managed CMK with multi-factor-authentication enabled.

Correct Answer : C

Detailed Explanation:  In this question AWS wants to know your basic understanding between Customer Managed and AWS managed CMK. You must know that

  • For different services you have to use different AWS managed CMK. Hence, option 1 is out.
  • You cannot have granular level of access control for AWS managed CMK. Hence, option 1 and 2 is out.
  • If you want granular level of access to keys than you should use Customer Managed CMK and in this case option 3 is the only one seems to be correct. Because option 4 is also talking about AWS managed CMK.