AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company wants to securely exchange data between its software as a service (SaaS) application Salesforce account and Amazon S3. The company must encrypt the data at rest by using AWS Key Management Service (AWS KMS) customer managed keys (CMKs). The company must also encrypt the data in transit. The company has enabled API access for the Salesforce account.

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create AWS Lambda functions to transfer the data securely from Salesforce to Amazon S3.

Create an AWS Step Functions workflow. Define the task to transfer the data securely from Salesforce to Amazon S3.

Create Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3.

Create a custom connector for Salesforce to transfer the data securely from Salesforce to Amazon S3.

Explanation:

Explanation

Correct Answer: C - Create Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3.

Amazon AppFlow is the most appropriate solution for this scenario because:

Native Integration: Amazon AppFlow provides native, managed integration with Salesforce and other SaaS applications, eliminating the need for custom development.
Built-in Security: AppFlow automatically encrypts data in transit using TLS 1.2 and supports encryption at rest using AWS KMS customer managed keys (CMKs).
Simplified Management: As a fully managed service, AppFlow handles authentication, data transformation, and error handling without requiring custom code.
Compliance: AppFlow meets the security requirements specified - encryption at rest with AWS KMS CMKs and encryption in transit.

Why other options are less optimal:

A (AWS Lambda): While Lambda can be used, it requires custom development for authentication, data extraction, transformation, and error handling. This increases complexity and maintenance overhead.
B (AWS Step Functions): Step Functions is an orchestration service that would still require underlying Lambda functions or other services to perform the actual data transfer, adding unnecessary complexity.
D (Custom Connector): Building a custom connector requires significant development effort, ongoing maintenance, and may not provide the same level of built-in security features as AppFlow.

Key Benefits of Amazon AppFlow:

Pre-built connectors for Salesforce and other SaaS applications
Automatic encryption in transit (TLS 1.2)
Support for AWS KMS CMKs for encryption at rest
No infrastructure management required
Built-in data transformation capabilities
Scheduled or event-driven flows
Compliance with various security standards

Using Amazon AppFlow provides the most secure, efficient, and maintainable solution for securely exchanging data between Salesforce and Amazon S3 while meeting all the specified encryption requirements.

Powered ByGPT-5.2

Comments

Loading comments...