AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications. What should a solutions architect do to reduce the operational burden?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use multi-factor authentication (MFA) to protect the encryption keys.

Use AWS Key Management Service (AWS KMS) to protect the encryption keys.

Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.

Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.

Explanation:

Explanation

Correct Answer: B - Use AWS Key Management Service (AWS KMS) to protect the encryption keys.

AWS KMS is specifically designed to reduce the operational burden of key management by providing a fully managed service for creating and controlling encryption keys. Here's why:

Why AWS KMS is the Best Choice:

Fully Managed Service: AWS KMS handles the underlying infrastructure, security, and maintenance of encryption keys, reducing operational overhead.
Scalability: It automatically scales to meet the needs of multiple developers and applications.
Integration: Seamlessly integrates with other AWS services and developer applications.
Compliance: Provides built-in compliance features and audit trails through AWS CloudTrail.
Key Rotation: Supports automatic key rotation to maintain security without manual intervention.

Why Other Options Are Not Ideal:

A. Use multi-factor authentication (MFA) to protect the encryption keys.

While MFA enhances security, it doesn't reduce operational burden for key management infrastructure.
MFA is an authentication mechanism, not a key management solution.

C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys.

ACM is designed for SSL/TLS certificates, not general-purpose encryption key management.
ACM doesn't provide the same level of key management features as AWS KMS.

D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys.

IAM policies control access but don't manage the encryption keys themselves.
This approach would still require manual key management infrastructure.

Key Benefits of AWS KMS:

Centralized Key Management: Single place to create, manage, and audit encryption keys
Automated Operations: Reduces manual key management tasks
Developer-Friendly: Provides APIs and SDKs for easy integration into applications
Cost-Effective: Pay-per-use model with no upfront costs
High Availability: Built on AWS's highly available infrastructure

By using AWS KMS, the solutions architect can provide developers with a secure, scalable, and operationally efficient key management solution that integrates seamlessly with their applications while maintaining compliance and security standards.

Powered ByGPT-5.2

Comments

Loading comments...