AWS Certified Cloud Practitioner

Explanation

AWS Key Management Service (AWS KMS) is the correct service for encrypting data at rest. Here's why:

• AWS KMS is a managed service that makes it easy to create and control the encryption keys used to encrypt your data. It integrates with many AWS services to encrypt data at rest, including Amazon S3, Amazon EBS, Amazon RDS, and more.

• Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

• AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

• AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.

AWS KMS provides centralized control over encryption keys and supports both symmetric and asymmetric encryption, making it the primary service for data encryption at rest across AWS services.