Your company has a requirement to work with a DynamoDB table. There is a security mandate that all data should be encrypted at rest.

Your company has a requirement to work with a DynamoDB table. There is a security mandate that all data should be encrypted at rest.

What is the easiest way to accomplish this for DynamoDB.
A . Use the AWS SDK to encrypt the data before sending it to the DynamoDB table
B . Encrypt the DynamoDB table using KMS during its creation
C . Encrypt the table using AWS KMS after it is created
D . Use S3 buckets to encrypt the data before sending it to DynamoDB

View Answer

Answer: B

Explanation:

The most easiest option is to enable encryption when the DynamoDB table is created.

The AWS Documentation mentions the following

Amazon DynamoDB offers fully managed encryption at rest. DynamoDB encryption at rest provides enhanced security by encrypting your data at rest using an AWS Key Management Service (AWS KMS) managed encryption key for DynamoDB. This functionality eliminates the operational burden and complexity involved in protecting sensitive data.

Option A is partially correct, you can use the AWS SDK to encrypt the data, but the easier option would be to encrypt the table before hand.

Option C is invalid because you cannot encrypt the table after it is created

Option D is invalid because encryption for S3 buckets is for the objects in S3 only.

For more information on securing data at rest for DynamoDB please refer to below URL: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.htmll

The correct answer is: Encrypt the DynamoDB table using KMS during its creation Submit your Feedback/Queries to our Experts