AWS Certified Developer - Associate


As a Developer Associate in charge of managing AWS Kinesis streams for your company, you have been tasked with enhancing the security of these streams. The security team has stipulated that the new security measures must utilize features inherent to the Kinesis Data Streams service and must not necessitate any alterations to your existing code.

Which of the following features would fulfill these security requirements? (Select two)





Explanation:

Correct options:

KMS encryption for data at rest

Encryption in flight with HTTPS endpoint

Server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it's at rest by using an AWS KMS customer master key (CMK) you specify. Data is encrypted before it's written to the Kinesis stream storage layer and decrypted after it's retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service. The HTTPS endpoint ensures that data in flight is encrypted as well.

Incorrect options:

SSE-C encryption - SSE-C is functionality in Amazon S3 where S3 encrypts your data, on your behalf, using keys that you provide. This does not apply to the given use case.

Client-Side Encryption - This involves code changes, so the option is incorrect.

Envelope Encryption - This involves code changes, so the option is incorrect.